Bug 847835 - (CVE-2013-1067) VUL-0: CVE-2013-1067: apport: incorrect permissions for setuid core dumps
VUL-0: CVE-2013-1067: apport: incorrect permissions for setuid core dumps
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Jan Matejek
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2013-10-28 08:52 UTC by Marcus Meissner
Modified: 2013-12-20 15:12 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-10-28 08:52:43 UTC

Martin Carpenter discovered that Apport set incorrect permissions on core
dump files generated by setuid binaries. A local attacker could possibly
use this issue to obtain privileged information.


(we also have a old version of apport ... do we want it on the distribution still or should we get rid of it?)
Comment 1 Swamp Workflow Management 2013-10-28 23:00:26 UTC
bugbot adjusting priority
Comment 3 Jan Matejek 2013-11-06 14:39:52 UTC
ISTM that on SUSE, /proc/sys/fs/suid_dumpable is 0 by default, and that should mean that setuid programs don't generate crash dumps at all.

Can you confirm?

If this is the case, we are unaffected by the bug.
(we might want to fix this anyway, for users who switch fs.suid_dumpable to a non-zero value. but that would probably make this a lower-priority fix)
Comment 4 Marcus Meissner 2013-11-19 09:25:10 UTC
i am totally fine with fixing this just for Factory/SLE12 as you said we do not default enable core dumps nor apport.
Comment 5 Jan Matejek 2013-12-20 15:12:47 UTC
we got an apport update heading to Factory, so i am closing this