Lucene search

K
amazonAmazonALAS-2012-128
HistorySep 22, 2012 - 9:37 p.m.

Medium: dbus

2012-09-2221:37:00
alas.aws.amazon.com
25

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

5.6

Confidence

High

EPSS

0

Percentile

14.1%

Issue Overview:

It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus). (CVE-2012-3524)

Affected Packages:

dbus

Issue Correction:
Run yum update dbus to update your system.

New Packages:

i686:  
    dbus-libs-1.2.24-7.16.amzn1.i686  
    dbus-debuginfo-1.2.24-7.16.amzn1.i686  
    dbus-1.2.24-7.16.amzn1.i686  
    dbus-devel-1.2.24-7.16.amzn1.i686  
  
noarch:  
    dbus-doc-1.2.24-7.16.amzn1.noarch  
  
src:  
    dbus-1.2.24-7.16.amzn1.src  
  
x86_64:  
    dbus-1.2.24-7.16.amzn1.x86_64  
    dbus-devel-1.2.24-7.16.amzn1.x86_64  
    dbus-libs-1.2.24-7.16.amzn1.x86_64  
    dbus-debuginfo-1.2.24-7.16.amzn1.x86_64  

Additional References

Red Hat: CVE-2012-3524

Mitre: CVE-2012-3524

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

5.6

Confidence

High

EPSS

0

Percentile

14.1%