CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
14.1%
Issue Overview:
It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus). (CVE-2012-3524)
Affected Packages:
dbus
Issue Correction:
Run yum update dbus to update your system.
New Packages:
i686:
dbus-libs-1.2.24-7.16.amzn1.i686
dbus-debuginfo-1.2.24-7.16.amzn1.i686
dbus-1.2.24-7.16.amzn1.i686
dbus-devel-1.2.24-7.16.amzn1.i686
noarch:
dbus-doc-1.2.24-7.16.amzn1.noarch
src:
dbus-1.2.24-7.16.amzn1.src
x86_64:
dbus-1.2.24-7.16.amzn1.x86_64
dbus-devel-1.2.24-7.16.amzn1.x86_64
dbus-libs-1.2.24-7.16.amzn1.x86_64
dbus-debuginfo-1.2.24-7.16.amzn1.x86_64
Red Hat: CVE-2012-3524
Mitre: CVE-2012-3524
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | dbus-libs | < 1.2.24-7.16.amzn1 | dbus-libs-1.2.24-7.16.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | dbus-debuginfo | < 1.2.24-7.16.amzn1 | dbus-debuginfo-1.2.24-7.16.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | dbus | < 1.2.24-7.16.amzn1 | dbus-1.2.24-7.16.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | dbus-devel | < 1.2.24-7.16.amzn1 | dbus-devel-1.2.24-7.16.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | dbus-doc | < 1.2.24-7.16.amzn1 | dbus-doc-1.2.24-7.16.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | dbus | < 1.2.24-7.16.amzn1 | dbus-1.2.24-7.16.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | dbus-devel | < 1.2.24-7.16.amzn1 | dbus-devel-1.2.24-7.16.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | dbus-libs | < 1.2.24-7.16.amzn1 | dbus-libs-1.2.24-7.16.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | dbus-debuginfo | < 1.2.24-7.16.amzn1 | dbus-debuginfo-1.2.24-7.16.amzn1.x86_64.rpm |