Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 407011 (CVE-2012-1106) - <app-admin/abrt-2.0.8 : Setuid process core dump archived with unsafe GID permissions (CVE-2012-1106)
Summary: <app-admin/abrt-2.0.8 : Setuid process core dump archived with unsafe GID per...
Status: RESOLVED FIXED
Alias: CVE-2012-1106
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 407251
Blocks:
  Show dependency tree
 
Reported: 2012-03-05 18:41 UTC by Michael Harrison
Modified: 2012-07-13 21:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2012-03-05 18:41:07 UTC
A sensitive information disclosure flaw was found in the way abrt, the
automatic bug detection and reporting tool, performed archiving of certain core
dump files. When the abrt C handler plug-in and core dumps for setuid and
setgid processes were enabled (via fs.suid_dumpable=2), an unprivileged local
user could use this flaw to obtain access to core dump files of setuid
processes, which terminated with crash and were run by the same unprivileged
user, leading to disclosure of sensitive information due to weak GID
permissions, those core dump files were created with.

Upstream Patch:
https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0
Comment 1 Alexandre Rostovtsev (RETIRED) gentoo-dev 2012-03-07 07:28:47 UTC
Thanks for reporting, fixed in abrt-2.0.8. Note that app-admin/abrt-2.0.8 must be stabilized together with >=dev-libs/libreport-2.0.9 and probably with >=dev-libs/btparser-0.16.

>*abrt-2.0.8 (07 Mar 2012)
> 
>  07 Mar 2012; Alexandre Rostovtsev <tetromino@gentoo.org> +abrt-2.0.8.ebuild,
>  +files/abrt-2.0.8-gentoo.patch:
>  Version bump. Fixes permissions on dumps of setuid processes (bug #407011,
>  CVE-2012-1106, thanks to Michael Harrison for reporting).
Comment 2 Agostino Sarubbo gentoo-dev 2012-03-07 09:59:06 UTC
Arches, please test and mark stable:
=app-admin/abrt-2.0.8
Target KEYWORDS : "amd64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-03-13 12:09:23 UTC
amd64 stable
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-15 18:10:02 UTC
x86 stable
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-03-15 20:33:32 UTC
Thanks, everyone. GLSA Vote: no.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-16 19:43:49 UTC
GLSA vote: no. 

Closing noglsa.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-07-13 21:24:40 UTC
CVE-2012-1106 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1106):
  The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8
  and earlier, does not properly set the group (GID) permissions on core dump
  files for setuid programs when the sysctl fs.suid_dumpable option is set to
  2, which allows local users to obtain sensitive information.