Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3368

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-3368
Last Modified 04 Jul 2012 12:00:00
Published 03 Jul 2012 05:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-3368

Summary

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

Vulnerable Systems

Application

  • Redhat Dtach 0.8


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=835849

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=812551

CONFIRM - http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812

CONFIRM - http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302


Last Updated: 27 May 2016 10:42:32