Vulnerability Details : CVE-2012-3368
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.
Exploit prediction scoring system (EPSS) score for CVE-2012-3368
Probability of exploitation activity in the next 30 days: 0.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-3368
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST |
CWE ids for CVE-2012-3368
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3368
-
http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
dtach / Bugs / #10 [PATCH] Bad behavior on disconnectPatch
-
http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
dtach / Bugs / #10 [PATCH] Bad behavior on disconnectExploit
-
https://bugzilla.redhat.com/show_bug.cgi?id=835849
835849 – (CVE-2012-3368) CVE-2012-3368 dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
#625302 - dtach: CVE-2012-3368 random text sent on window close - Debian Bug report logs
-
https://bugzilla.redhat.com/show_bug.cgi?id=812551
812551 – [PATCH] Bad behavior on disconnectExploit
Products affected by CVE-2012-3368
- cpe:2.3:a:redhat:dtach:0.8:*:*:*:*:*:*:*