A sensitive information disclosure flaw was found in the way abrt, the automatic bug detection and reporting tool, performed archiving of certain core dump files. When the abrt C handler plug-in and core dumps for setuid and setgid processes were enabled (via fs.suid_dumpable=2), an unprivileged local user could use this flaw to obtain access to core dump files of setuid processes, which terminated with a crash and were run by the same unprivileged user, leading to disclosure of sensitive information due to the weak GID permissions those core dump files were created with.
Upstream Patch: https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0
Thanks for reporting, fixed in abrt-2.0.8.
Note that app-admin/abrt-2.0.8 must be stabilized together with >=dev-libs/libreport-2.0.9 and probably with >=dev-libs/btparser-0.16.
>*abrt-2.0.8 (07 Mar 2012)
>
>  07 Mar 2012; Alexandre Rostovtsev <tetromino@gentoo.org> +abrt-2.0.8.ebuild,
>  +files/abrt-2.0.8-gentoo.patch:
>  Version bump. Fixes permissions on dumps of setuid processes (bug #407011,
>  CVE-2012-1106, thanks to Michael Harrison for reporting).
Arches, please test and mark stable:
=app-admin/abrt-2.0.8
Target KEYWORDS : "amd64 x86"
amd64 stable
x86 stable
Thanks, everyone. GLSA Vote: no.
GLSA vote: no. Closing noglsa.
CVE-2012-1106 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1106): The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
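A host-side check for the condition this report describes (fs.suid_dumpable set to 2 together with core dumps readable through group or other permission bits), added here as an example and not taken from ABRT or the Gentoo ebuild. The dump directory argument and the default file name `coredump` are assumptions to adjust for the local ABRT configuration.

```shell
#!/bin/sh
# Added audit example; not ABRT code. The directory to scan is passed in,
# and the dump file name defaults to "coredump" (an assumption).

# suid_dumpable_mode [FILE]: print the fs.suid_dumpable value.
# FILE defaults to the kernel's procfs entry for that sysctl.
suid_dumpable_mode() {
    cat "${1:-/proc/sys/fs/suid_dumpable}"
}

# weak_core_dumps DIR [NAME]: list dump files under DIR whose mode grants
# read access to the group or to others.
weak_core_dumps() {
    find "$1" -type f -name "${2:-coredump}" \
        \( -perm -040 -o -perm -004 \) -print
}

# audit_dumps DIR [SYSCTL_FILE] [NAME]
#   0 = nothing to report
#   1 = setuid dumps enabled (mode 2) and at least one readable dump found
#   2 = the sysctl value could not be read
audit_dumps() {
    mode=$(suid_dumpable_mode "$2") || return 2
    weak=$(weak_core_dumps "$1" "$3")
    if [ "$mode" = "2" ] && [ -n "$weak" ]; then
        printf 'fs.suid_dumpable=2 and group/other-readable dumps:\n%s\n' \
            "$weak" >&2
        return 1
    fi
    return 0
}
```

Run `audit_dumps` as root against the directory ABRT is configured to store problem data in; a return value of 1 means the listed files should have their group and other read bits removed.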