Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)

2015-01-1900:00:00

www.tenable.com

JSON

The remote Solaris system is missing necessary patches to address security updates :

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: ‘we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus.’ (CVE-2012-3524)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80665);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-3524");

  script_name(english:"Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)");
  script_summary(english:"Check for the 'entire' version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Solaris system is missing a security patch for third-party
software."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote Solaris system is missing necessary patches to address
security updates :

  - libdbus 1.5.x and earlier, when used in setuid or other
    privileged programs in X.org and possibly other
    products, allows local users to gain privileges and
    execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS
    environment variable. NOTE: libdbus maintainers state
    that this is a vulnerability in the applications that do
    not cleanse environment variables, not in libdbus
    itself: 'we do not support use of libdbus in setuid
    binaries that do not sanitize their environment before
    their first call into libdbus.' (CVE-2012-3524)"
  );
  # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a913f44"
  );
  # https://blogs.oracle.com/sunsecurity/cve-2012-3524-permissions,-privileges,-and-access-controls-vulnerability-in-libdbus
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5a6fee51"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 12.4.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libdbus");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

if (empty_or_null(egrep(string:pkg_list, pattern:"^libdbus$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libdbus");

flag = 0;

if (solaris_check_release(release:"0.5.11-0.175.0.12.0.4.0", sru:"SRU 12.4") > 0) flag++;

if (flag)
{
  error_extra = 'Affected package : libdbus\n' + solaris_get_report2();
  error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
  if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libdbus");

VendorProductVersionCPE
oraclesolaris11.0cpe:/o:oracle:solaris:11.0
oraclesolarislibdbusp-cpe:/a:oracle:solaris:libdbus

Vendor	Product	Version	CPE
oracle	solaris	11.0	cpe:/o:oracle:solaris:11.0
oracle	solaris	libdbus	p-cpe:/a:oracle:solaris:libdbus

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3524

www.nessus.org/u?4a913f44

www.nessus.org/u?5a6fee51

JSON

Related for SOLARIS11_LIBDBUS_20121016.NASL