PT-2012-3084 · Red Hat+1 · Abrt+2

Published: 2012-06-19 · Updated: 2017-08-29 · CVE-2012-1106

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ABRT versions 2.0.8 and earlier

Description: The issue is related to the C handler plug-in in ABRT, which does not properly set group permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2. This allows local users to obtain sensitive information.

Recommendations: For ABRT versions 2.0.8 and earlier, consider restricting access to core dump files until a proper fix is applied, to minimize the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit


Weakness Enumeration

Related identifiers

CESA-2012_0841
CVE-2012-1106
RHSA-2012:0841
RHSA-2012_0841

Affected products

Abrt
CentOS
Red Hat