Published: 18/09/2012 Updated: 07/11/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 695

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freedesktop spice-gtk -
gtk libgio -

Synopsis Moderate: spice-gtk security update Type/Severity Security Advisory: Moderate Topic Updated spice-gtk packages that fix one security issue are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerabili ...

Debian Bug report logs - #689155 spice-client-glib-usb-acl-helper: CVE-2012-4425: privilege escalation via crafted environment variables Package: libspice-client-glib-20-1; Maintainer for libspice-client-glib-20-1 is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Sat, 29 Sep 2012 15:24:01 UTC Severity: cr ...

Debian Bug report logs - #689070 Please take upstream D-Bus patches for CVE-2012-3524 Package: dbus; Maintainer for dbus is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for dbus is src:dbus (PTS, buildd, popcon) Reported by: Geoffrey Thomas <gthomas@mokafivecom> Date: Fri, 28 Sep ...

/* dzugc CVE-2012-3524 PoC (C) 2012 Sebastian Krahmer * * Trivial non-dbus root exploit (Yes, it is 2012!) * * The underlying bug (insecure getenv() by default) has been * reported ages ago, but nobody really cared Unless you have an * exploit * */ #include <stdioh> #include <stdlibh> #include <unistdh> #include ...

CWE-264 http://www.openwall.com/lists/oss-security/2012/09/17/2 https://bugzilla.redhat.com/show_bug.cgi?id=857283 http://www.exploit-db.com/exploits/21323 http://www.spinics.net/lists/spice-devel/msg01940.html http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051 http://www.openwall.com/lists/oss-security/2012/09/14/2 http://www.securityfocus.com/bid/55555 http://www.openwall.com/lists/oss-security/2012/09/12/6 http://rhn.redhat.com/errata/RHSA-2012-1284.html https://access.redhat.com/errata/RHSA-2012:1284 https://nvd.nist.gov https://www.exploit-db.com/exploits/21323/

CVE-2012-4425

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect