CVE-2012-3524

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-3524 at MITRE

Description

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entries: 697105, 852781

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References

SUSE Linux Enterprise Server 11 SP1 LTSS
  • dbus-1 >= 1.2.10-3.25.2
  • dbus-1-x11 >= 1.2.10-3.25.2
References: sles11-sp1-ltss.s390x, sles11-sp1-ltss.x86-64
SAT Patch Nr: 6750

SUSE Linux Enterprise Server 11 SP1 LTSS
  • dbus-1 >= 1.2.10-3.25.2
  • dbus-1-32bit >= 1.2.10-3.25.2
  • dbus-1-x11 >= 1.2.10-3.25.2
References: sles11-sp1-ltss.s390x, sles11-sp1-ltss.x86-64
SAT Patch Nr: 6750

SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • dbus-1 >= 1.2.10-3.25.1
  • dbus-1-x11 >= 1.2.10-3.25.1
References: sles11-sp2.x86-64, sles11-sp2.ppc, sles11-sp2.ia64, sle11-sp2-sdk.ppc, sle11-sp2-sdk.x86, sled11-sp2.x86, sles11-sp2-vmware.x86, sle11-sp2-sdk.ia64, sle11-sp2-sdk.x86-64, sled11-sp2.x86-64, sles11-sp2.x86, sles11-sp2.s390x, sles11-sp2-vmware.x86-64, sle11-sp2-sdk.s390x
SAT Patch Nr: 6733

SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • dbus-1 >= 1.2.10-3.25.1
  • dbus-1-32bit >= 1.2.10-3.25.1
  • dbus-1-x11 >= 1.2.10-3.25.1
References: sles11-sp2.x86-64, sles11-sp2.ppc, sles11-sp2.ia64, sle11-sp2-sdk.ppc, sle11-sp2-sdk.x86, sled11-sp2.x86, sles11-sp2-vmware.x86, sle11-sp2-sdk.ia64, sle11-sp2-sdk.x86-64, sled11-sp2.x86-64, sles11-sp2.x86, sles11-sp2.s390x, sles11-sp2-vmware.x86-64, sle11-sp2-sdk.s390x
SAT Patch Nr: 6733

SUSE Linux Enterprise Server 11 SP2
  • dbus-1 >= 1.2.10-3.25.1
  • dbus-1-x11 >= 1.2.10-3.25.1
  • dbus-1-x86 >= 1.2.10-3.25.1
References: sles11-sp2.x86-64, sles11-sp2.ppc, sles11-sp2.ia64, sle11-sp2-sdk.ppc, sle11-sp2-sdk.x86, sled11-sp2.x86, sles11-sp2-vmware.x86, sle11-sp2-sdk.ia64, sle11-sp2-sdk.x86-64, sled11-sp2.x86-64, sles11-sp2.x86, sles11-sp2.s390x, sles11-sp2-vmware.x86-64, sle11-sp2-sdk.s390x
SAT Patch Nr: 6733

© 2014 Novell