CVE-2012-6136

Published: Nov 20, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

Affected (7)

Products: Redhat: Tuned, Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Fedoraproject: Fedora · Debian: Debian Linux

5 products

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Tuned	Version 2.10.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 17

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2012-6136

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2012-6136

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.