CVE-2012-1106

CWE-264 | 6 documents | 5 sources
Severity: 1.9 LOW
EPSS: 0.0% (top 85.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 3; latest update May 17

Description

The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.

CVSS vector

AV:L/AC:M/C:P/I:N/A:N
Exploitability: 3.4 | Impact: 2.9

Affected Packages: 1 package

Patches

🔴Vulnerability Details

2
GHSA
GHSA-rph2-33pr-67ww: The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2 (2022-05-17)
CVEList
CVE-2012-1106: The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2 (2012-07-03)

📋Vendor Advisories

1
Red Hat
abrt: Setuid process core dump archived with unsafe GID permissions (2012-02-06)

💬Community

2
Bugzilla
CVE-2012-1106 abrt: Setuid process core dump archived with unsafe GID permissions [fedora-all] (2012-03-05)
Bugzilla
CVE-2012-1106 abrt: Setuid process core dump archived with unsafe GID permissions (2012-01-27)