A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2022-08-26T15:25:39
Updated: 2024-08-03T17:09:09.586Z
Reserved: 2021-10-06T00:00:00
Link: CVE-2021-3864
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-26T16:15:09.680
Modified: 2023-02-12T23:42:51.317
Link: CVE-2021-3864
Redhat