Home > Vulnerability Database > CVE-2012-3524

Mend.io Vulnerability Database

CVE-2012-3524

Date: September 18, 2012

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."

Severity Score

7.4

Related Resources (28)

Url: http://www.ubuntu.com/usn/USN-1576-1

Url: http://www.exploit-db.com/exploits/21323

Url: http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html

Url: http://secunia.com/advisories/50544

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:083

Url: http://stealth.openwall.net/null/dzug.c

Url: https://bugzilla.novell.com/show_bug.cgi?id=697105

Url: http://www.openwall.com/lists/oss-security/2012/07/26/1

Url: https://bugs.freedesktop.org/show_bug.cgi?id=52202

Url: http://www.openwall.com/lists/oss-security/2012/09/12/6

Url: http://www.openwall.com/lists/oss-security/2012/09/17/2

Url: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html

Url: http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html

Url: http://www.openwall.com/lists/oss-security/2012/09/14/2

Url: https://access.redhat.com/security/cve/CVE-2012-3524

Url: http://www.ubuntu.com/usn/USN-1576-2

Url: https://security-tracker.debian.org/tracker/CVE-2012-3524

Url: https://bugzilla.redhat.com/show_bug.cgi?id=847402

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-3524

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3524

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:070

Url: http://secunia.com/advisories/50710

Url: http://secunia.com/advisories/50537

Url: http://www.openwall.com/lists/oss-security/2012/07/10/4

Url: http://rhn.redhat.com/errata/RHSA-2012-1261.html

Url: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html

Url: http://www.securityfocus.com/bid/55517

Url: https://www.mend.io/vulnerability-database/CVE-2012-3524

Severity Score

7.4

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-3524

Date: September 18, 2012

Severity Score

Related Resources (28)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?