Lucene search
CentOS Update for dbus CESA-2012:1261 centos6
🗓️ 17 Sep 2012 00:00:00Reported by Copyright (c) 2012 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 33 Views
CentOS Update for dbus CESA-2012:1261 centos6. D-Bus library honors environment settings when running with elevated privileges, allows privilege escalation. Updated packages contain backported patch to correct this issue
Show more
| Reporter | Title | Published | Views | Family All 68 |
|---|---|---|---|---|
 | [SECURITY] Fedora 16 Update: dbus-1.4.10-4.fc16 | 2 Nov 201203:19 | – | fedora |
| [SECURITY] Fedora 17 Update: dbus-1.4.10-5.fc17 | 26 Sep 201209:06 | – | fedora |
| [SECURITY] Fedora 17 Update: glib2-2.32.4-2.fc17 | 26 Sep 201209:06 | – | fedora |
 | Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges) | 19 Jan 201500:00 | – | nessus |
| CentOS 6 : dbus (CESA-2012:1261) | 14 Sep 201200:00 | – | nessus |
| openSUSE Security Update : dbus-1 / dbus-1-x11 (openSUSE-SU-2012:1287-1) | 13 Jun 201400:00 | – | nessus |
| Mandriva Linux Security Advisory : dbus (MDVSA-2013:070) | 20 Apr 201300:00 | – | nessus |
| Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : dbus vulnerability (USN-1576-1) | 21 Sep 201200:00 | – | nessus |
| Scientific Linux Security Update : dbus on SL6.x i386/x86_64 (20120913) | 15 Sep 201200:00 | – | nessus |
| Amazon Linux AMI : dbus (ALAS-2012-128) | 4 Sep 201300:00 | – | nessus |
10
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for dbus CESA-2012:1261 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.
It was discovered that the D-Bus library honored environment settings even
when running with elevated privileges. A local attacker could possibly use
this flaw to escalate their privileges, by setting specific environment
variables before running a setuid or setgid application linked against the
D-Bus library (libdbus). (CVE-2012-3524)
Note: With this update, libdbus ignores environment variables when used by
setuid or setgid applications. The environment is not ignored when an
application gains privileges via file system capabilities; however, no
application shipped in Red Hat Enterprise Linux 6 gains privileges via file
system capabilities.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.
All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.";
tag_affected = "dbus on CentOS 6";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2012-September/018872.html");
script_id(881489);
script_version("$Revision: 8336 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $");
script_tag(name:"creation_date", value:"2012-09-17 16:44:08 +0530 (Mon, 17 Sep 2012)");
script_cve_id("CVE-2012-3524");
script_tag(name:"cvss_base", value:"6.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_xref(name: "CESA", value: "2012:1261");
script_name("CentOS Update for dbus CESA-2012:1261 centos6 ");
script_tag(name: "summary" , value: "Check for the Version of dbus");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"dbus", rpm:"dbus~1.2.24~7.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"dbus-devel", rpm:"dbus-devel~1.2.24~7.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"dbus-doc", rpm:"dbus-doc~1.2.24~7.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"dbus-libs", rpm:"dbus-libs~1.2.24~7.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"dbus-x11", rpm:"dbus-x11~1.2.24~7.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo17 Sep 2012 00:00Current
5.6Medium risk
Vulners AI Score5.6
EPSS0.63941