Red Hat ABRT
cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*
A command injection vulnerability has been identified in the ABRT daemon's handling of user-supplied mount information. An unprivileged local user can inject shell metacharacters into a command that the ABRT process, which runs with root privileges, executes. The flaw exists because ABRT does not properly sanitize the user input before embedding it in a shell command that invokes 'docker inspect'. Exploitation could lead to unauthorized execution of commands as root and a full system compromise.
Exploitation of this vulnerability allows for arbitrary command execution as the root user, leading to complete control over the affected system.
To reproduce this vulnerability, an unprivileged local user accesses the ABRT socket and supplies crafted mount information containing shell metacharacters. ABRT then executes the injected commands with root privileges, bypassing systemd sandboxing.
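The root cause described above is a value taken from user-controlled mount information being spliced into a shell command line. The following is an added example, not ABRT's own code, showing the two mitigations a reviewer would ask for: validate the extracted container id against the format Docker actually uses (a hex string; the length bounds are an assumption), and invoke 'docker inspect' through execvp() with an argv array so no shell ever parses the value.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical check (not ABRT's code): a Docker container id is a hex
 * string, so anything else, shell metacharacters included, is rejected
 * before it can reach a command line. Length bounds are an assumption. */
int is_valid_container_id(const char *id)
{
    size_t len = strlen(id);
    if (len < 12 || len > 64)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isxdigit((unsigned char)id[i]))
            return 0;
    return 1;
}

/* Run "docker inspect <id>" without a shell. Unlike building one string
 * for system()/popen(), each argv element is passed to the program as-is,
 * so ';', '|', '$(...)' and friends in id are never interpreted.
 * Returns the child's exit status, or -1 on invalid input or failure. */
int run_docker_inspect(const char *id)
{
    if (!is_valid_container_id(id))
        return -1;                       /* refuse rather than sanitize */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "docker", "inspect", (char *)id, NULL };
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs: a well-formed id and a string carrying a metacharacter. */
    printf("valid id accepted: %d\n", is_valid_container_id("0123456789abcdef0123456789abcdef"));
    printf("metachar rejected: %d\n", run_docker_inspect("0123456789ab; id"));
    return 0;
}
```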