CVE-2021-3864
ADVISORY - nistSummary
A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.
NIST
1
CVSS SCORE
7highDebian
-
Ubuntu
1.0
CVSS SCORE
7mediumRed Hat
1.0
CVSS SCORE
7mediumChainguard
CGA-827v-ph9x-vh96
-
Chainguard
CGA-gxrm-w6f6-g6g3
-
Chainguard
CGA-h3m2-5726-8xfp
-
Chainguard
CGA-mmpc-6qgc-qpqh
-
Chainguard
CGA-rj38-8f2r-3q7p
-
Chainguard
CGA-wgcg-g948-vc43
-
Chainguard
CGA-xgf4-223m-mw76
-
intheWild
-
-