CVE-2012-1106 - Windiest Aluminum

Description

The C handler plug-in in Automatic Bug Reporting Tool (ABRT) possibly 2.0.8 and earlier does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2 which allows local users to obtain sensitive information.

Reference

https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0 http://www.securityfocus.com/bid/54121 http://rhn.redhat.com/errata/RHSA-2012-0841.html https://exchange.xforce.ibmcloud.com/vulnerabilities/76524