Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 1.9
CVE Id: CVE-2012-1106
Last Modified: 03 Jul 2012 12:00:00
Published: 03 Jul 2012 12:40:32
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1106

Summary

The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.

Vulnerable Systems

Application

  • Redhat Automatic Bug Reporting Tool 2.0.7


References

CONFIRM - https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0

XF - abrt-info-disc(76524)

BID - 54121

REDHAT - RHSA-2012:0841


Last Updated: 27 May 2016 10:56:36