Bug 785163 (CVE-2012-1106)

Summary: CVE-2012-1106 abrt: Setuid process core dump archived with unsafe GID permissions
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dcleal, jmoskovc, mjc, mnowak, npajkovs, rvokal, scorneli, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
No documentation needed
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 11:10:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 783450, 800027    
Bug Blocks: 784298, 785171    

Description Jan Lieskovsky 2012-01-27 13:50:20 UTC
A sensitive information disclosure flaw was found in the way abrt, the automatic bug detection and reporting tool, performed archiving of certain core dump files. When the abrt C handler plug-in and core dumps for setuid and setgid processes were enabled (via fs.suid_dumpable=2), an unprivileged local user could use this flaw to obtain access to core dump files of setuid processes, which terminated with crash and were run by the same unprivileged user, leading to disclosure of sensitive information due to weak GID permissions, those core dump files were created with.

Comment 2 Jan Lieskovsky 2012-01-27 14:46:28 UTC
This issue affects the version of the abrt package, as shipped with Red Hat
Enterprise Linux 6.

--

This issue affects the versions of the abrt package, as shipped with Fedora release of 15 and 16.

Comment 3 Stefan Cornelius 2012-03-05 15:00:02 UTC
A CVE identifier of CVE-2012-1106 has been assigned to this issue.

Comment 5 Stefan Cornelius 2012-03-05 16:06:39 UTC
Created abrt tracking bugs for this issue

Affects: fedora-all [bug 800027]

Comment 10 errata-xmlrpc 2012-06-20 07:04:15 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0841 https://rhn.redhat.com/errata/RHSA-2012-0841.html

Comment 12 Mark J. Cox 2012-08-22 10:56:54 UTC
Acknowledgements:

This issue was discovered by Dominic Cleal of Red Hat