
CVE ID: CVE-2012-3524
Description: libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."
Test IDs: 1.3.6.1.4.1.25623.1.0.864744   1.3.6.1.4.1.25623.1.0.881489   1.3.6.1.4.1.25623.1.0.123816   1.3.6.1.4.1.25623.1.0.72413   1.3.6.1.4.1.25623.1.0.123823   1.3.6.1.4.1.25623.1.0.841153   1.3.6.1.4.1.25623.1.0.864725   1.3.6.1.4.1.25623.1.0.121204   1.3.6.1.4.1.25623.1.0.864831   1.3.6.1.4.1.25623.1.0.72331   1.3.6.1.4.1.25623.1.1.4.2012.1155.2   1.3.6.1.4.1.25623.1.0.72157   1.3.6.1.4.1.25623.1.0.841177   1.3.6.1.4.1.25623.1.1.4.2012.1155.1   1.3.6.1.4.1.25623.1.0.870830   1.3.6.1.4.1.25623.1.0.120486  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-3524
21323 - http://www.exploit-db.com/exploits/21323
50537 - http://secunia.com/advisories/50537
50544 - http://secunia.com/advisories/50544
50710 - http://secunia.com/advisories/50710
55517 - http://www.securityfocus.com/bid/55517
MDVSA-2013:070 - http://www.mandriva.com/security/advisories?name=MDVSA-2013:070
MDVSA-2013:083 - http://www.mandriva.com/security/advisories?name=MDVSA-2013:083
RHSA-2012:1261 - http://rhn.redhat.com/errata/RHSA-2012-1261.html
SUSE-SU-2012:1155 - http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html
SUSE-SU-2012:1155-2 - http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html
USN-1576-1 - http://www.ubuntu.com/usn/USN-1576-1
USN-1576-2 - http://www.ubuntu.com/usn/USN-1576-2
[oss-security] 20120710 libdbus hardening - http://www.openwall.com/lists/oss-security/2012/07/10/4
[oss-security] 20120726 Re: libdbus hardening - http://www.openwall.com/lists/oss-security/2012/07/26/1
[oss-security] 20120912 libdbus CVE-2012-3524 fix - http://www.openwall.com/lists/oss-security/2012/09/12/6
[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix - http://www.openwall.com/lists/oss-security/2012/09/14/2
[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix - http://www.openwall.com/lists/oss-security/2012/09/17/2
http://stealth.openwall.net/null/dzug.c
https://bugs.freedesktop.org/show_bug.cgi?id=52202
https://bugzilla.novell.com/show_bug.cgi?id=697105
https://bugzilla.redhat.com/show_bug.cgi?id=847402
openSUSE-SU-2012:1287 - http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html
openSUSE-SU-2012:1418 - http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html




© 1998-2025 E-Soft Inc. All rights reserved.