Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-128)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120486

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-128)

Resumen: The remote host is missing an update for the 'dbus' package(s) announced via the ALAS-2012-128 advisory.

Descripción: Summary:
The remote host is missing an update for the 'dbus' package(s) announced via the ALAS-2012-128 advisory.

Vulnerability Insight:
It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus). (CVE-2012-3524)

Affected Software/OS:
'dbus' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3524
21323
http://www.exploit-db.com/exploits/21323
50537
http://secunia.com/advisories/50537
50544
http://secunia.com/advisories/50544
50710
http://secunia.com/advisories/50710
55517
http://www.securityfocus.com/bid/55517
MDVSA-2013:070
http://www.mandriva.com/security/advisories?name=MDVSA-2013:070
MDVSA-2013:083
http://www.mandriva.com/security/advisories?name=MDVSA-2013:083
RHSA-2012:1261
http://rhn.redhat.com/errata/RHSA-2012-1261.html
SUSE-SU-2012:1155
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html
SUSE-SU-2012:1155-2
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html
USN-1576-1
http://www.ubuntu.com/usn/USN-1576-1
USN-1576-2
http://www.ubuntu.com/usn/USN-1576-2
[oss-security] 20120710 libdbus hardening
http://www.openwall.com/lists/oss-security/2012/07/10/4
[oss-security] 20120726 Re: libdbus hardening
http://www.openwall.com/lists/oss-security/2012/07/26/1
[oss-security] 20120912 libdbus CVE-2012-3524 fix
http://www.openwall.com/lists/oss-security/2012/09/12/6
[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix
http://www.openwall.com/lists/oss-security/2012/09/14/2
[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix
http://www.openwall.com/lists/oss-security/2012/09/17/2
http://stealth.openwall.net/null/dzug.c
https://bugs.freedesktop.org/show_bug.cgi?id=52202
https://bugzilla.novell.com/show_bug.cgi?id=697105
https://bugzilla.redhat.com/show_bug.cgi?id=847402
openSUSE-SU-2012:1287
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html
openSUSE-SU-2012:1418
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120486
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-128)
Resumen:	The remote host is missing an update for the 'dbus' package(s) announced via the ALAS-2012-128 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dbus' package(s) announced via the ALAS-2012-128 advisory. Vulnerability Insight: It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus). (CVE-2012-3524) Affected Software/OS: 'dbus' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3524 21323 http://www.exploit-db.com/exploits/21323 50537 http://secunia.com/advisories/50537 50544 http://secunia.com/advisories/50544 50710 http://secunia.com/advisories/50710 55517 http://www.securityfocus.com/bid/55517 MDVSA-2013:070 http://www.mandriva.com/security/advisories?name=MDVSA-2013:070 MDVSA-2013:083 http://www.mandriva.com/security/advisories?name=MDVSA-2013:083 RHSA-2012:1261 http://rhn.redhat.com/errata/RHSA-2012-1261.html SUSE-SU-2012:1155 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html SUSE-SU-2012:1155-2 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html USN-1576-1 http://www.ubuntu.com/usn/USN-1576-1 USN-1576-2 http://www.ubuntu.com/usn/USN-1576-2 [oss-security] 20120710 libdbus hardening http://www.openwall.com/lists/oss-security/2012/07/10/4 [oss-security] 20120726 Re: libdbus hardening http://www.openwall.com/lists/oss-security/2012/07/26/1 [oss-security] 20120912 libdbus CVE-2012-3524 fix http://www.openwall.com/lists/oss-security/2012/09/12/6 [oss-security] 20120914 Re: libdbus CVE-2012-3524 fix http://www.openwall.com/lists/oss-security/2012/09/14/2 [oss-security] 20120917 Re: libdbus CVE-2012-3524 fix http://www.openwall.com/lists/oss-security/2012/09/17/2 http://stealth.openwall.net/null/dzug.c https://bugs.freedesktop.org/show_bug.cgi?id=52202 https://bugzilla.novell.com/show_bug.cgi?id=697105 https://bugzilla.redhat.com/show_bug.cgi?id=847402 openSUSE-SU-2012:1287 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html openSUSE-SU-2012:1418 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
Copyright	Copyright (C) 2015 Greenbone AG