Medium: dbus

2012-09-2221:37:00

alas.aws.amazon.com

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

13.3%

JSON

Issue Overview:

It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus). (CVE-2012-3524)

Affected Packages:

dbus

Issue Correction:
Run yum update dbus to update your system.

New Packages:

i686:  
    dbus-libs-1.2.24-7.16.amzn1.i686  
    dbus-debuginfo-1.2.24-7.16.amzn1.i686  
    dbus-1.2.24-7.16.amzn1.i686  
    dbus-devel-1.2.24-7.16.amzn1.i686  
  
noarch:  
    dbus-doc-1.2.24-7.16.amzn1.noarch  
  
src:  
    dbus-1.2.24-7.16.amzn1.src  
  
x86_64:  
    dbus-1.2.24-7.16.amzn1.x86_64  
    dbus-devel-1.2.24-7.16.amzn1.x86_64  
    dbus-libs-1.2.24-7.16.amzn1.x86_64  
    dbus-debuginfo-1.2.24-7.16.amzn1.x86_64

Additional References

Red Hat: CVE-2012-3524

Mitre: CVE-2012-3524

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686dbus-libs< 1.2.24-7.16.amzn1dbus-libs-1.2.24-7.16.amzn1.i686.rpm
Amazon Linux1i686dbus-debuginfo< 1.2.24-7.16.amzn1dbus-debuginfo-1.2.24-7.16.amzn1.i686.rpm
Amazon Linux1i686dbus< 1.2.24-7.16.amzn1dbus-1.2.24-7.16.amzn1.i686.rpm
Amazon Linux1i686dbus-devel< 1.2.24-7.16.amzn1dbus-devel-1.2.24-7.16.amzn1.i686.rpm
Amazon Linux1noarchdbus-doc< 1.2.24-7.16.amzn1dbus-doc-1.2.24-7.16.amzn1.noarch.rpm
Amazon Linux1x86_64dbus< 1.2.24-7.16.amzn1dbus-1.2.24-7.16.amzn1.x86_64.rpm
Amazon Linux1x86_64dbus-devel< 1.2.24-7.16.amzn1dbus-devel-1.2.24-7.16.amzn1.x86_64.rpm
Amazon Linux1x86_64dbus-libs< 1.2.24-7.16.amzn1dbus-libs-1.2.24-7.16.amzn1.x86_64.rpm
Amazon Linux1x86_64dbus-debuginfo< 1.2.24-7.16.amzn1dbus-debuginfo-1.2.24-7.16.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	dbus-libs	< 1.2.24-7.16.amzn1	dbus-libs-1.2.24-7.16.amzn1.i686.rpm
Amazon Linux	1	i686	dbus-debuginfo	< 1.2.24-7.16.amzn1	dbus-debuginfo-1.2.24-7.16.amzn1.i686.rpm
Amazon Linux	1	i686	dbus	< 1.2.24-7.16.amzn1	dbus-1.2.24-7.16.amzn1.i686.rpm
Amazon Linux	1	i686	dbus-devel	< 1.2.24-7.16.amzn1	dbus-devel-1.2.24-7.16.amzn1.i686.rpm
Amazon Linux	1	noarch	dbus-doc	< 1.2.24-7.16.amzn1	dbus-doc-1.2.24-7.16.amzn1.noarch.rpm
Amazon Linux	1	x86_64	dbus	< 1.2.24-7.16.amzn1	dbus-1.2.24-7.16.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	dbus-devel	< 1.2.24-7.16.amzn1	dbus-devel-1.2.24-7.16.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	dbus-libs	< 1.2.24-7.16.amzn1	dbus-libs-1.2.24-7.16.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	dbus-debuginfo	< 1.2.24-7.16.amzn1	dbus-debuginfo-1.2.24-7.16.amzn1.x86_64.rpm