|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for dbus RHSA-2012:1261-01|
|Summary:||The remote host is missing an update for the 'dbus'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'dbus'
package(s) announced via the referenced advisory.
D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
It was discovered that the D-Bus library honored environment settings even
when running with elevated privileges. A local attacker could possibly use
this flaw to escalate their privileges, by setting specific environment
variables before running a setuid or setgid application linked against the
D-Bus library (libdbus). (CVE-2012-3524)
Note: With this update, libdbus ignores environment variables when used by
setuid or setgid applications. The environment is not ignored when an
application gains privileges via file system capabilities. However, no
application shipped in Red Hat Enterprise Linux 6 gains privileges via file
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.
All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.
dbus on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2012-3524|
BugTraq ID: 55517
RedHat Security Advisories: RHSA-2012:1261
SuSE Security Announcement: SUSE-SU-2012:1155 (Google Search)
SuSE Security Announcement: SUSE-SU-2012:1155-2 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:1287 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:1418 (Google Search)
|Copyright||Copyright (c) 2012 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.