Improper Check for Dropped Privileges

CVE-2012-1187

High

7.5/10

Summary

Bitlbee does not drop extra group privileges correctly in unix.c

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-273 - Improper Check for Dropped Privileges

The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References

Advisory Timeline

Published Oct 29, 2019