CVE-2012-1187 - Improper Check for Dropped Privileges

Severity

98%

Complexity

39%

Confidentiality

98%

Bitlbee does not drop extra group privileges correctly in unix.c

Bitlbee does not drop extra group privileges correctly in unix.c

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Demo Examples

Improper Check for Dropped Privileges

CWE-273

This code attempts to take on the privileges of a user before creating a file, thus avoiding performing the action with unnecessarily high privileges:


               
}
/../

The call to ImpersonateNamedPipeClient may fail, but the return value is not checked. If the call fails, the code may execute with higher privileges than intended. In this case, an attacker could exploit this behavior to write a file to a location that the attacker does not have access to.

Overview

First reported 5 years ago

2019-10-29 19:15:00

Last updated 5 years ago

2019-10-31 01:27:00

Affected Software

BitlBee BitlBee 3.0.4

3.0.4

References

https://access.redhat.com/security/cve/cve-2012-1187

Broken Link

https://bugs.bitlbee.org/ticket/852

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187

Issue Tracking, Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2012-1187

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.