CVE-2012-1106
03.07.2012, 16:40
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | automatic_bug_reporting_tool | 𝑥 ≤ 2.0.7 |
𝑥
= Vulnerable software versions
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| abrt |
| ||
| abrt-addon-ccpp |
| ||
| abrt-addon-kerneloops |
| ||
| abrt-addon-python |
| ||
| abrt-addon-vmcore |
| ||
| abrt-cli |
| ||
| abrt-desktop |
| ||
| abrt-devel |
| ||
| abrt-gui |
| ||
| abrt-libs |
| ||
| abrt-tui |
| ||
| btparser |
| ||
| btparser-devel |
| ||
| btparser-python |
| ||
| libreport |
| ||
| libreport-cli |
| ||
| libreport-devel |
| ||
| libreport-gtk |
| ||
| libreport-gtk-devel |
| ||
| libreport-newt |
| ||
| libreport-plugin-bugzilla |
| ||
| libreport-plugin-kerneloops |
| ||
| libreport-plugin-logger |
| ||
| libreport-plugin-mailx |
| ||
| libreport-plugin-reportuploader |
| ||
| libreport-plugin-rhtsupport |
| ||
| libreport-python |
| ||
| python-meh |
|
Common Weakness Enumeration
References