CVE-2012-1106

Published: Jul 3, 2012Modified: Apr 29, 2026

1.9

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 3.4 / Impact: 2.9

Source: NVD

Description

The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.

Affected (1)

Products: Redhat: Automatic Bug Reporting Tool

1 product

Automatic Bug Reporting Tool

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Automatic Bug Reporting Tool	Up to 2.0.7

Related CWEs

References (8)

http://rhn.redhat.com/errata/RHSA-2012-0841.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/54121

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/76524

Source: secalert@redhat.com

https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0

Source: secalert@redhat.com

ExploitPatch

http://rhn.redhat.com/errata/RHSA-2012-0841.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/54121

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/76524

Source: af854a3a-2127-422b-91ae-364da2661108

https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.