9 matches found
Arbitrary Code Execution
spice-gtk is vulnerable to arbitrary code execution attacks. The vulnerability exists as libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment...
Gentoo Security Advisory GLSA 201406-29
Gentoo Linux Local Security Checks GLSA 201406-29. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description)...
GLSA-201406-29 : spice-gtk: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201406-29 (spice-gtk: Privilege escalation). spice-gtk does not properly sanitize the DBUS_SYSTEM_BUS_ADDRESS environment variable. Impact: A local attacker may be able to gain escalated privileges. Workaround: There is no known...
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...
CVE-2012-4425
The CVE affects spice-gtk (and possibly other products) where libgio is used in setuid/privileged contexts. The root cause is inadequate sanitization of the DBUS_SYSTEM_BUS_ADDRESS environment variable, enabling a local attacker to gain escalated privileges and execute arbitrary code. Evidence in...
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...
libdbus - DBUS_SYSTEM_BUS_ADDRESS Local Privilege Escalation
libdbus - DBUS_SYSTEM_BUS_ADDRESS Local Privilege Escalation / dzug.c CVE-2012-3524 PoC (C) 2012 Sebastian Krahmer Trivial non-dbus root exploit. Yes, it is 2012! The underlying bug insecure getenv by default has been reported ages ago, but nobody really cared. Unless you have an exploit... / include...