CVE-2012-6136Incorrect Default Permissions in Tuned

CWE-276Incorrect Default Permissions7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 92.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
TunedDebian LinuxFedoraproject Fedora+5 more
Timeline
PublishedNov 20
Latest updateApr 23

Description

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5tuned/tuned2.10.0-1
NVDredhat/tuned2.10.0

Also affects: Debian Linux 10.0, Fedora 17, Enterprise Linux 6.0

🔴Vulnerability Details

2
GHSA
GHSA-4hrr-7cq5-fj96: tuned 22022-04-23
CVEList
CVE-2012-6136: tuned 22019-11-20

📋Vendor Advisories

2
Red Hat
tuned: insecure permissions of tuned.pid2012-08-02
Debian
CVE-2012-6136: tuned - tuned 2.10.0 creates its PID file with insecure permissions which allows local u...2012

💬Community

2
Bugzilla
CVE-2012-6136 tuned: insecure permissions of tuned.pid2013-03-06
Bugzilla
CVE-2012-6136 CVE-2013-1820 tuned: multiple insecure permissions of pid files [fedora-17]2013-03-05
CVE-2012-6136 — Incorrect Default Permissions in Tuned | cvebase