Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-3368

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

Published

2012-07-03T21:55:01.567

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	dtach	0.8	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302 ([email protected])
http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357 Exploit ([email protected])
http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812 Patch ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=812551 Exploit ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=835849 ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302 (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=812551 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=835849 (af854a3a-2127-422b-91ae-364da2661108)