Vulnerability Details : CVE-2012-3368
Potential exploit
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.
Products affected by CVE-2012-3368
- cpe:2.3:a:redhat:dtach:0.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3368
- 0.35%: Probability of exploitation activity in the next 30 days
- ~55%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-3368
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6 | LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N | 4.9 | 2.9 | NIST | |
CWE ids for CVE-2012-3368
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3368
- http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
  dtach / Bugs / #10 [PATCH] Bad behavior on disconnect (Patch)
- http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
  dtach / Bugs / #10 [PATCH] Bad behavior on disconnect (Exploit)
- https://bugzilla.redhat.com/show_bug.cgi?id=835849
  835849 – (CVE-2012-3368) CVE-2012-3368 dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
  #625302 - dtach: CVE-2012-3368 random text sent on window close - Debian Bug report logs
- https://bugzilla.redhat.com/show_bug.cgi?id=812551
  812551 – [PATCH] Bad behavior on disconnect (Exploit)