{"uuid": "2cd53c75-bba0-4a84-b35c-1815a6317016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3864", "type": "seen", "source": "https://t.me/arpsyndicate/761", "content": "#ExploitObserverAlert\n\nCVE-2021-3864\n\nDESCRIPTION: Exploit Observer has 11 entries related to CVE-2021-3864. A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 5.9\nNVD-ES: 1.0", "creation_timestamp": "2023-11-29T15:44:43.000000Z"}