On Sat, Sep 29, 2012 at 04:58:55PM +0100, Simon McVittie wrote:
> On 28/09/12 22:30, Geoffrey Thomas wrote:
> > CVE-2012-3524 is about setuid binaries linking libdbus being easily
> > trickable to do bad things via a malicious PATH (for finding
> > dbus-launch), or through a DBUS_* address variable
On 28/09/12 22:30, Geoffrey Thomas wrote:
> CVE-2012-3524 is about setuid binaries linking libdbus being easily
> trickable to do bad things via a malicious PATH (for finding
> dbus-launch), or through a DBUS_* address variable using the unixexec
> address type.
Potentially-vulnerable binaries are
On 29/09/12 15:44, Simon McVittie wrote:
> I believe the libdbus part of this CVE affects wheezy and certain unusual
> squeeze configurations. The known vectors for privilege escalation are:
>
> * tell libdbus (explicitly or via it being the session-bus default) to
> connect to autolaunch: which
On Fri, 28 Sep 2012 at 14:30:37 -0700, Geoffrey Thomas wrote:
> CVE-2012-3524 is about setuid binaries linking libdbus being easily
> trickable to do bad things via a malicious PATH (for finding
> dbus-launch), or through a DBUS_* address variable using the
> unixexec address type.
This also affec
Package: dbus
Severity: serious
Justification: local privilege escalation
Tags: security
Hi,
CVE-2012-3524 is about setuid binaries linking libdbus being easily
trickable to do bad things via a malicious PATH (for finding dbus-launch),
or through a DBUS_* address variable using the unixexec ad