Vulnerability Description
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Dtach | 0.8 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
- http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=4173 (Exploit)
- http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=4 (Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=812551 (Exploit)
- https://bugzilla.redhat.com/show_bug.cgi?id=835849
FAQ
What is CVE-2012-3368?
CVE-2012-3368 is a vulnerability with a CVSS score of 2.6 (LOW). Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an i...
How severe is CVE-2012-3368?
CVE-2012-3368 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3368?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Dtach.