Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert CVE-2012-3524 CVE-2012-4425

dbus: privilege elevation via autolaunch

Synthesis of the vulnerability

A local attacker can use a suid root program linked to libdbus, and start dbus-launch, in order to gain root privileges.
Impacted products: Fedora, MBS, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 2/4.
Creation date: 12/09/2012.
Identifiers: 697105, BID-55517, BID-55555, CVE-2012-3524, CVE-2012-4425, FEDORA-2012-14046, FEDORA-2012-14107, FEDORA-2012-14126, FEDORA-2012-14157, MDVSA-2013:070, MDVSA-2013:083, openSUSE-SU-2012:1287-1, openSUSE-SU-2012:1418-1, RHSA-2012:1261-01, SUSE-SU-2012:1155-1, SUSE-SU-2012:1155-2, VIGILANCE-VUL-11936.

Description of the vulnerability

The D-Bus system is used by local applications, in order to exchange messages.

The dbus-launch program starts a D-Bus daemon. If the DBUS_SYSTEM_BUS_ADDRESS environment variable is set to "autolaunch:", the dbus-launch program is automatically called by applications linked to libdbus. The dbus-launch program is first searched in /bin, then the PATH variable is used to find the program.

However, if the application is suid, the libdbus library accepts the load the DBUS_SYSTEM_BUS_ADDRESS and PATH variables. An attacker can thus change the PATH so that it starts by a directory containing a malicious program named dbus-launch. It can then use the "autolaunch" mode, so that the malicious program is searched in the PATH, and executed with privileges of the suid application.

A local attacker can therefore use a suid root program linked to libdbus, and start dbus-launch, in order to gain root privileges.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter 

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.



















Copyright 1999-2013 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française