Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 407011 (CVE-2012-1106)

Summary: <app-admin/abrt-2.0.8 : Setuid process core dump archived with unsafe GID permissions (CVE-2012-1106)
Product: Gentoo Security Reporter: Michael Harrison <n0idx80>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=785163
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 407251    
Bug Blocks:    

Description Michael Harrison 2012-03-05 18:41:07 UTC 
A sensitive information disclosure flaw was found in the way abrt, the
automatic bug detection and reporting tool, performed archiving of certain core
dump files. When the abrt C handler plug-in and core dumps for setuid and
setgid processes were enabled (via fs.suid_dumpable=2), an unprivileged local
user could use this flaw to obtain access to core dump files of setuid
processes, which terminated with crash and were run by the same unprivileged
user, leading to disclosure of sensitive information due to weak GID
permissions, those core dump files were created with.

Upstream Patch:
https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0
Comment 1 Alexandre Rostovtsev (RETIRED) gentoo-dev 2012-03-07 07:28:47 UTC 
Thanks for reporting, fixed in abrt-2.0.8. Note that app-admin/abrt-2.0.8 must be stabilized together with >=dev-libs/libreport-2.0.9 and probably with >=dev-libs/btparser-0.16.

>*abrt-2.0.8 (07 Mar 2012)
> 
>  07 Mar 2012; Alexandre Rostovtsev <tetromino@gentoo.org> +abrt-2.0.8.ebuild,
>  +files/abrt-2.0.8-gentoo.patch:
>  Version bump. Fixes permissions on dumps of setuid processes (bug #407011,
>  CVE-2012-1106, thanks to Michael Harrison for reporting).
Comment 2 Agostino Sarubbo gentoo-dev 2012-03-07 09:59:06 UTC 
Arches, please test and mark stable:
=app-admin/abrt-2.0.8
Target KEYWORDS : "amd64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-03-13 12:09:23 UTC 
amd64 stable
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-15 18:10:02 UTC 
x86 stable
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-03-15 20:33:32 UTC 
Thanks, everyone. GLSA Vote: no.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-16 19:43:49 UTC 
GLSA vote: no. 

Closing noglsa.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-07-13 21:24:40 UTC 
CVE-2012-1106 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1106):
  The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8
  and earlier, does not properly set the group (GID) permissions on core dump
  files for setuid programs when the sysctl fs.suid_dumpable option is set to
  2, which allows local users to obtain sensitive information.