CVE-2012-3368 - Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive inform

CVE-2012-3368

Summary

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
https://bugzilla.redhat.com/show_bug.cgi?id=812551
https://bugzilla.redhat.com/show_bug.cgi?id=835849

Vulnerable Configurations

cpe:2.3:a:redhat:dtach:0.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:dtach:0.8:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 04-07-2012 - 04:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:N/A:N

refmap via4

confirm

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
https://bugzilla.redhat.com/show_bug.cgi?id=812551
https://bugzilla.redhat.com/show_bug.cgi?id=835849

Last major update

04-07-2012 - 04:00

Published

03-07-2012 - 21:55

Last modified

04-07-2012 - 04:00