Vulnerability Description
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Automatic Bug Reporting Tool | <= 2.0.7 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2012-0841.html
- http://www.securityfocus.com/bid/54121
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76524
- https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0ExploitPatch
- http://rhn.redhat.com/errata/RHSA-2012-0841.html
- http://www.securityfocus.com/bid/54121
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76524
- https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0ExploitPatch
FAQ
What is CVE-2012-1106?
CVE-2012-1106 is a vulnerability with a CVSS score of 1.9 (LOW). The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.su...
How severe is CVE-2012-1106?
CVE-2012-1106 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1106?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Automatic Bug Reporting Tool.