Bug 918813 (CVE-2012-6136) - CVE-2012-6136 tuned: insecure permissions of tuned.pid
Summary: CVE-2012-6136 tuned: insecure permissions of tuned.pid
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-6136
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 845336 918233
Blocks:
 
Reported: 2013-03-06 23:32 UTC by Vincent Danen
Modified: 2019-09-29 13:01 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-06 23:40:11 UTC
Embargoed:



Description Vincent Danen 2013-03-06 23:32:59 UTC
Aaron Parsons reported [1] that tuned would create its PID file with insecure permissions (0666).  A local user could use this flaw to kill arbitrary running processes when the tuned service is stopped.

This was fixed upstream [2] and was also previously corrected in Red Hat Enterprise Linux 6 via RHBA-2013:0386 [3].

Current Fedora 18 inherited the upstream fix; however, Fedora 17 is still affected by this issue.


[1] https://bugzilla.redhat.com/show_bug.cgi?id=845336
[2] http://git.fedorahosted.org/cgit/tuned.git/commit/?h=1.0&id=9e8f670
[3] http://rhn.redhat.com/errata/RHBA-2013-0386.html
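
The class of fix for a PID file created with mode 0666, as an added example (not tuned's code and not the upstream patch): the file is created exclusively with an explicit mode, and the stop path refuses to act on a PID file that another user could have rewritten. The function names, the 0644 mode and the sample PID 4242 are assumptions made for illustration.

```python
import os
import stat

NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)  # refuse to open through a symlink


def write_pidfile(path, pid, mode=0o644):
    """Create the PID file exclusively with an explicit, umask-independent mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | NOFOLLOW, mode)
    try:
        os.fchmod(fd, mode)  # assumed mode: owner-writable, read-only for others
        os.write(fd, f"{pid}\n".encode())
    finally:
        os.close(fd)


def read_trusted_pid(path, expected_uid):
    """Return the stored PID only if no other user could have rewritten the file."""
    fd = os.open(path, os.O_RDONLY | NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the opened file itself, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{path}: writable by group or others")
        data = os.read(fd, 32)
    finally:
        os.close(fd)
    pid = int(data.decode("ascii").strip())
    if pid <= 1:
        raise ValueError(f"{path}: refusing PID {pid}")
    return pid


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample, not /var/run
        p = os.path.join(d, "tuned.pid")
        write_pidfile(p, 4242)
        print(oct(stat.S_IMODE(os.stat(p).st_mode)), read_trusted_pid(p, os.geteuid()))
        os.chmod(p, 0o666)  # reproduce the mode from the report
        try:
            read_trusted_pid(p, os.geteuid())
        except PermissionError as exc:
            print("rejected:", exc)
```
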

Comment 1 Vincent Danen 2013-03-06 23:39:20 UTC
Created tuned tracking bugs for this issue

Affects: fedora-17 [bug 918233]

