Launchpad CVE tracker

CVE 2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."

Related bugs and status

CVE-2012-3524 (Candidate) is related to these bugs:

Bug #740390: libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown

		In	Importance	Status
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	dbus (Ubuntu)	High	Fix Released
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	Ubuntu on EC2	Undecided	Invalid
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	dbus (Ubuntu Lucid)	Medium	Fix Released
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	upstart (Ubuntu Lucid)	Undecided	Invalid
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	dbus (Ubuntu Natty)	Medium	Fix Released
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	upstart (Ubuntu Natty)	Undecided	Invalid
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	dbus (Ubuntu Oneiric)	Medium	Fix Released
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	upstart (Ubuntu Oneiric)	Undecided	Invalid
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	dbus (Ubuntu Precise)	Medium	Fix Released
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	upstart (Ubuntu Precise)	Undecided	Invalid
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	dbus (Ubuntu Quantal)	High	Fix Released
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	upstart (Ubuntu Quantal)	Wishlist	Invalid
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	libnih (Ubuntu)	Undecided	Fix Released
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	libnih (Ubuntu Lucid)	Undecided	Won't Fix
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	libnih (Ubuntu Natty)	Undecided	Won't Fix
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	libnih (Ubuntu Oneiric)	Undecided	Won't Fix
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	libnih (Ubuntu Precise)	Undecided	Fix Released
740390	libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown	libnih (Ubuntu Quantal)	Undecided	Fix Released

Bug #1058343: Regression in CVE-2012-3524 security update

		In	Importance	Status
1058343	Regression in CVE-2012-3524 security update	dbus (Ubuntu)	Low	Fix Released
1058343	Regression in CVE-2012-3524 security update	dbus (Ubuntu Hardy)	Low	Fix Released
1058343	Regression in CVE-2012-3524 security update	dbus (Ubuntu Lucid)	Low	Fix Released
1058343	Regression in CVE-2012-3524 security update	dbus (Ubuntu Natty)	Low	Fix Released
1058343	Regression in CVE-2012-3524 security update	dbus (Ubuntu Oneiric)	Low	Fix Released
1058343	Regression in CVE-2012-3524 security update	dbus (Ubuntu Precise)	Low	Fix Released
1058343	Regression in CVE-2012-3524 security update	dbus (Ubuntu Quantal)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3524

References