Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201406-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.121204

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201406-01

Resumen: Gentoo Linux Local Security Checks GLSA 201406-01

Descripción: Summary:
Gentoo Linux Local Security Checks GLSA 201406-01

Vulnerability Insight:
When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the DBUS_SYSTEM_BUS_ADDRESS variable. GLib can be used in a setuid context with D-Bus, and so can trigger this vulnerability. Please review the CVE identifier below for more details.

Solution:
Update the affected packages to the latest available version.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3524
21323
http://www.exploit-db.com/exploits/21323
50537
http://secunia.com/advisories/50537
50544
http://secunia.com/advisories/50544
50710
http://secunia.com/advisories/50710
55517
http://www.securityfocus.com/bid/55517
MDVSA-2013:070
http://www.mandriva.com/security/advisories?name=MDVSA-2013:070
MDVSA-2013:083
http://www.mandriva.com/security/advisories?name=MDVSA-2013:083
RHSA-2012:1261
http://rhn.redhat.com/errata/RHSA-2012-1261.html
SUSE-SU-2012:1155
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html
SUSE-SU-2012:1155-2
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html
USN-1576-1
http://www.ubuntu.com/usn/USN-1576-1
USN-1576-2
http://www.ubuntu.com/usn/USN-1576-2
[oss-security] 20120710 libdbus hardening
http://www.openwall.com/lists/oss-security/2012/07/10/4
[oss-security] 20120726 Re: libdbus hardening
http://www.openwall.com/lists/oss-security/2012/07/26/1
[oss-security] 20120912 libdbus CVE-2012-3524 fix
http://www.openwall.com/lists/oss-security/2012/09/12/6
[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix
http://www.openwall.com/lists/oss-security/2012/09/14/2
[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix
http://www.openwall.com/lists/oss-security/2012/09/17/2
http://stealth.openwall.net/null/dzug.c
https://bugs.freedesktop.org/show_bug.cgi?id=52202
https://bugzilla.novell.com/show_bug.cgi?id=697105
https://bugzilla.redhat.com/show_bug.cgi?id=847402
openSUSE-SU-2012:1287
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html
openSUSE-SU-2012:1418
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html

Copyright Copyright (C) 2015 Eero Volotinen

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.121204
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201406-01
Resumen:	Gentoo Linux Local Security Checks GLSA 201406-01
Descripción:	Summary: Gentoo Linux Local Security Checks GLSA 201406-01 Vulnerability Insight: When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the DBUS_SYSTEM_BUS_ADDRESS variable. GLib can be used in a setuid context with D-Bus, and so can trigger this vulnerability. Please review the CVE identifier below for more details. Solution: Update the affected packages to the latest available version. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3524 21323 http://www.exploit-db.com/exploits/21323 50537 http://secunia.com/advisories/50537 50544 http://secunia.com/advisories/50544 50710 http://secunia.com/advisories/50710 55517 http://www.securityfocus.com/bid/55517 MDVSA-2013:070 http://www.mandriva.com/security/advisories?name=MDVSA-2013:070 MDVSA-2013:083 http://www.mandriva.com/security/advisories?name=MDVSA-2013:083 RHSA-2012:1261 http://rhn.redhat.com/errata/RHSA-2012-1261.html SUSE-SU-2012:1155 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html SUSE-SU-2012:1155-2 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html USN-1576-1 http://www.ubuntu.com/usn/USN-1576-1 USN-1576-2 http://www.ubuntu.com/usn/USN-1576-2 [oss-security] 20120710 libdbus hardening http://www.openwall.com/lists/oss-security/2012/07/10/4 [oss-security] 20120726 Re: libdbus hardening http://www.openwall.com/lists/oss-security/2012/07/26/1 [oss-security] 20120912 libdbus CVE-2012-3524 fix http://www.openwall.com/lists/oss-security/2012/09/12/6 [oss-security] 20120914 Re: libdbus CVE-2012-3524 fix http://www.openwall.com/lists/oss-security/2012/09/14/2 [oss-security] 20120917 Re: libdbus CVE-2012-3524 fix http://www.openwall.com/lists/oss-security/2012/09/17/2 http://stealth.openwall.net/null/dzug.c https://bugs.freedesktop.org/show_bug.cgi?id=52202 https://bugzilla.novell.com/show_bug.cgi?id=697105 https://bugzilla.redhat.com/show_bug.cgi?id=847402 openSUSE-SU-2012:1287 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html openSUSE-SU-2012:1418 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
Copyright	Copyright (C) 2015 Eero Volotinen