CVE-2012-4425
published 2012-09-18
CVE-2012-4425: libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary…
Priority P3 · 35 · medium · 6.9 CVSS 2.0
AV:L/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 1.09% (61.3th percentile)
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | spice-gtk | < spice-gtk 0.12-5 (bookworm) | spice-gtk 0.12-5 (bookworm) |
| spice-gtk_project | spice-gtk | >= 0 < 0.12-5 | 0.12-5 |
| spice-gtk_project | spice-gtk | >= 0 < 0.12-5 | 0.12-5 |
| spice-gtk_project | spice-gtk | >= 0 < 0.12-5 | 0.12-5 |
| spice-gtk_project | spice-gtk | >= 0 < 0.12-5 | 0.12-5 |
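CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 6.9 | MEDIUM | |
| vendor_debian | | 6.9 | MEDIUM | |
| vendor_redhat | | 6.9 | MEDIUM | |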
Red Hat
spice-gtk/glib: Possible privilege escalation via un-sanitized environment variable
vendor_redhat·2012-09-12·CVSS 6.9
Debian
CVE-2012-4425: spice-gtk - libgio, when used in setuid or other privileged programs in spice-gtk and possib...
vendor_debian·2012·CVSS 6.9
Scope: local
bookworm: resolved (fixed in 0.12-5)
bullseye: resolved (fixed in 0.12-5)
forky: resolved (fixed in 0.12-5)
sid: resolved (fixed in 0.12-5)
trixie: resolved (fixed in 0.12-5)
GHSA
GHSA-c77h-vm5q-jc2m: libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute a
ghsa_unreviewed·2022-05-17
OSV
CVE-2012-4425: libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute a
osv·2012-09-18·CVSS 6.9
No detection rules found.
Bugzilla
CVE-2012-4425 spice-gtk/glib: Possible privilege escalation via un-sanitized environment variable
bugzilla·2012-09-14·CVSS 6.9
It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl-helper, did not clear the environment variables read by the libraries it uses. A local attacker could possibly use this flaw to escalate their privileges by setting specific environment variables before running the helper application.
This flaw is similar to CVE-2012-3524
Discussion:
Created spice-gtk tracking bugs for this issue
Affects: fedora-all [bug 857228]
---
Acknowledgement:
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.
---
Reference:
http://seclists.org/oss-sec/2012/q3/470
---
Created glib2 tracking bugs for this issue
Affects: fed
Bugzilla
CVE-2012-4425 X.org: arbitrary code execution as root when libdbus >= 1.5 is used [fedora-all]
bugzilla·2012-09-13·CVSS 6.9
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/
References
http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051
http://rhn.redhat.com/errata/RHSA-2012-1284.html
http://www.exploit-db.com/exploits/21323
http://www.openwall.com/lists/oss-security/2012/09/12/6
http://www.openwall.com/lists/oss-security/2012/09/14/2
http://www.openwall.com/lists/oss-security/2012/09/17/2
http://www.securityfocus.com/bid/55555
http://www.spinics.net/lists/spice-devel/msg01940.html
https://bugzilla.redhat.com/show_bug.cgi?id=857283
Published: 2012-09-18