vulnerability alert CVE-2012-3524 CVE-2012-4425
dbus: privilege elevation via autolaunch
Synthesis of the vulnerability
A local attacker can use a suid root program linked to libdbus, and start dbus-launch, in order to gain root privileges.Impacted products:
Fedora, MBS, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
697105, BID-55517, BID-55555, CVE-2012-3524, CVE-2012-4425, FEDORA-2012-14046, FEDORA-2012-14107, FEDORA-2012-14126, FEDORA-2012-14157, MDVSA-2013:070, MDVSA-2013:083, openSUSE-SU-2012:1287-1, openSUSE-SU-2012:1418-1, RHSA-2012:1261-01, SUSE-SU-2012:1155-1, SUSE-SU-2012:1155-2, VIGILANCE-VUL-11936.
Description of the vulnerability
The D-Bus system is used by local applications, in order to exchange messages.
The dbus-launch program starts a D-Bus daemon. If the DBUS_SYSTEM_BUS_ADDRESS environment variable is set to "autolaunch:", the dbus-launch program is automatically called by applications linked to libdbus. The dbus-launch program is first searched in /bin, then the PATH variable is used to find the program.
However, if the application is suid, the libdbus library accepts the load the DBUS_SYSTEM_BUS_ADDRESS and PATH variables. An attacker can thus change the PATH so that it starts by a directory containing a malicious program named dbus-launch. It can then use the "autolaunch" mode, so that the malicious program is searched in the PATH, and executed with privileges of the suid application.
A local attacker can therefore use a suid root program linked to libdbus, and start dbus-launch, in order to gain root privileges.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a software vulnerability database
. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.