CVE-2012-3368
low
CVSS v3: —
CVSS v2: 2.6
VIR risk: 2.6
Description
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3368
Vendor advisory: secalert@redhat.com — http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0.8-2.1 |
| debian | bullseye | fixed | 0.8-2.1 |
| debian | forky | fixed | 0.8-2.1 |
| debian | sid | fixed | 0.8-2.1 |
| debian | trixie | fixed | 0.8-2.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | dtach | 0.8 | |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
- http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
- http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
- https://bugzilla.redhat.com/show_bug.cgi?id=812551
- https://bugzilla.redhat.com/show_bug.cgi?id=835849
- https://security-tracker.debian.org/tracker/CVE-2012-3368
CWEs
CWE-189