Lucene search
UbuntuUSN-1576-1HistorySep 20, 2012 - 12:00 a.m.
DBus vulnerability
2012-09-2000:00:00
ubuntu.com
31
5.8 Medium
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.3%
Releases
- Ubuntu 12.04
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04
- Ubuntu 8.04
Packages
- dbus - simple interprocess messaging system
Details
Sebastian Krahmer discovered that DBus incorrectly handled environment
variables when running with elevated privileges. A local attacker could
possibly exploit this flaw with a setuid binary and gain root privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 8.04 | noarch | dbus | < 1.1.20-1ubuntu3.7 | UNKNOWN |
| Ubuntu | 8.04 | noarch | dbus-x11 | < 1.1.20-1ubuntu3.7 | UNKNOWN |
| Ubuntu | 8.04 | noarch | libdbus-1-3 | < 1.1.20-1ubuntu3.7 | UNKNOWN |
| Ubuntu | 8.04 | noarch | libdbus-1-dev | < 1.1.20-1ubuntu3.7 | UNKNOWN |
| Ubuntu | 12.04 | noarch | dbus | < 1.4.18-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | dbus-1-dbg | < 1.4.18-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | dbus-x11 | < 1.4.18-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libdbus-1-3 | < 1.4.18-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libdbus-1-dev | < 1.4.18-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dbus | < 1.4.14-1ubuntu1.1 | UNKNOWN |
References
Related
openvas
openvas
RedHat Update for dbus RHSA-2012:1261-01
2012-09-17 00:00:00
Fedora Update for dbus FEDORA-2012-14157
2012-09-27 00:00:00
Fedora Update for dbus FEDORA-2012-14157
2012-09-27 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: dbus-1.4.10-4.fc16
2012-11-02 03:19:54
[SECURITY] Fedora 17 Update: glib2-2.32.4-2.fc17
2012-09-26 09:06:48
[SECURITY] Fedora 17 Update: dbus-1.4.10-5.fc17
2012-09-26 09:06:48
nessus
nessus
Oracle Linux 6 : dbus (ELSA-2012-1261)
2013-07-12 00:00:00
Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)
2015-01-19 00:00:00
CentOS 6 : dbus (CESA-2012:1261)
2012-09-14 00:00:00
suse
suse
Security update for dbus-1 (important)
2012-09-12 20:08:37
Security update for dbus-1 (important)
2012-09-14 02:08:32
update for dbus-1, dbus-1-x11 (important)
2012-10-04 18:08:33
exploitpack
exploitpack
libdbus - DBUS_SYSTEM_BUS_ADDRESS Local Privilege Escalation
2012-07-17 00:00:00
securityvulns
securityvulns
[USN-1576-1] DBus vulnerability
2012-10-04 00:00:00
dbus privilege escalation
2012-10-04 00:00:00
centos
centos
dbus security update
2012-09-13 20:54:00
ubuntucve
ubuntucve
CVE-2012-3524
2012-09-14 00:00:00
seebug
seebug
libdbus 'DBUS_SYSTEM_BUS_ADDRESS' Local Privilege Escalation
2014-07-01 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 08:57:13
cve
cve
CVE-2012-3524
2012-09-18 17:55:00
prion
prion
Code injection
2012-09-18 17:55:00
redhat
redhat
(RHSA-2012:1261) Moderate: dbus security update
2012-09-13 00:00:00
(RHSA-2012:1325) Important: rhev-hypervisor6 security and bug fix update
2012-10-02 00:00:00
debiancve
debiancve
CVE-2012-3524
2012-09-18 17:55:00
gentoo
gentoo
D-Bus, GLib: Privilege escalation
2014-06-01 00:00:00
amazon
amazon
Medium: dbus
2012-09-22 21:37:00
ubuntu
ubuntu
DBus regressions
2012-10-04 00:00:00
oraclelinux
oraclelinux
dbus security update
2012-09-13 00:00:00
spice-gtk security update
2012-09-17 00:00:00
exploitdb
exploitdb
libdbus - 'DBUS_SYSTEM_BUS_ADDRESS' Local Privilege Escalation
2012-07-17 00:00:00
5.8 Medium
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.3%
Related for USN-1576-1