Published: 18/09/2012 Updated: 07/11/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 695

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

libdbus 1.5.x and previous versions, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."

Vulnerable Product	Search on Vulmon	Subscribe to Product
freedesktop libdbus 1.5.2
freedesktop libdbus 1.5.6
freedesktop libdbus 1.5.8
freedesktop libdbus 1.5.0
freedesktop libdbus 1.5.10
freedesktop libdbus
freedesktop libdbus 1.5.4

Synopsis Moderate: dbus security update Type/Severity Security Advisory: Moderate Topic Updated dbus packages that fix one security issue are now available forRed Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerability Scoring ...

Debian Bug report logs - #689070 Please take upstream D-Bus patches for CVE-2012-3524 Package: dbus; Maintainer for dbus is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for dbus is src:dbus (PTS, buildd, popcon) Reported by: Geoffrey Thomas <gthomas@mokafivecom> Date: Fri, 28 Sep ...

DBus could be made to run programs as an administrator ...

It was discovered that the D-Bus library honored environment settings even when running with elevated privileges A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus) (CVE-2012-3524) ...

/* dzugc CVE-2012-3524 PoC (C) 2012 Sebastian Krahmer * * Trivial non-dbus root exploit (Yes, it is 2012!) * * The underlying bug (insecure getenv() by default) has been * reported ages ago, but nobody really cared Unless you have an * exploit * */ #include <stdioh> #include <stdlibh> #include <unistdh> #include ...

CWE-264 http://rhn.redhat.com/errata/RHSA-2012-1261.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html http://www.exploit-db.com/exploits/21323 https://bugzilla.redhat.com/show_bug.cgi?id=847402 http://secunia.com/advisories/50537 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html https://bugzilla.novell.com/show_bug.cgi?id=697105 https://bugs.freedesktop.org/show_bug.cgi?id=52202 http://stealth.openwall.net/null/dzug.c http://www.openwall.com/lists/oss-security/2012/09/14/2 http://www.securityfocus.com/bid/55517 http://www.openwall.com/lists/oss-security/2012/09/12/6 http://www.openwall.com/lists/oss-security/2012/07/26/1 http://www.openwall.com/lists/oss-security/2012/09/17/2 http://www.openwall.com/lists/oss-security/2012/07/10/4 http://www.ubuntu.com/usn/USN-1576-2 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html http://www.ubuntu.com/usn/USN-1576-1 http://secunia.com/advisories/50710 http://secunia.com/advisories/50544 http://www.mandriva.com/security/advisories?name=MDVSA-2013:083 http://www.mandriva.com/security/advisories?name=MDVSA-2013:070 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html https://access.redhat.com/errata/RHSA-2012:1261 https://nvd.nist.gov https://usn.ubuntu.com/1576-1/https://www.exploit-db.com/exploits/21323/

CVE-2012-3524

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect