QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2012-3524

Back to search

CVE-2012-3524

Published: Sep 18, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."

VendorProductVersions

n/a

n/a

affected
n/a

References

SUSE-SU-2012:1155
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2012:1287
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2012:1418
vendor-advisory
x_refsource_SUSE
50544
third-party-advisory
x_refsource_SECUNIA
USN-1576-1
vendor-advisory
x_refsource_UBUNTU
50537
third-party-advisory
x_refsource_SECUNIA
21323
exploit
x_refsource_EXPLOIT-DB
55517
vdb-entry
x_refsource_BID
RHSA-2012:1261
vendor-advisory
x_refsource_REDHAT
[oss-security] 20120710 libdbus hardening
mailing-list
x_refsource_MLIST
MDVSA-2013:083
vendor-advisory
x_refsource_MANDRIVA
MDVSA-2013:070
vendor-advisory
x_refsource_MANDRIVA
50710
third-party-advisory
x_refsource_SECUNIA
SUSE-SU-2012:1155-2
vendor-advisory
x_refsource_SUSE
USN-1576-2
vendor-advisory
x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now