CVE-2012-3524

Source
https://nvd.nist.gov/vuln/detail/CVE-2012-3524
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-3524.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2012-3524
Related
Published
2012-09-18T17:55:00Z
Modified
2024-09-11T02:00:04Z
Summary
[none]
Details

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."

References

Affected packages

Debian:11 / dbus

Package

Name
dbus
Purl
pkg:deb/debian/dbus?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dbus

Package

Name
dbus
Purl
pkg:deb/debian/dbus?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dbus

Package

Name
dbus
Purl
pkg:deb/debian/dbus?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / glib2.0

Package

Name
glib2.0
Purl
pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.33.12+really2.32.4-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / glib2.0

Package

Name
glib2.0
Purl
pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.33.12+really2.32.4-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / glib2.0

Package

Name
glib2.0
Purl
pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.33.12+really2.32.4-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}