Candidate: CVE-2012-4425 PublicDate: 2012-09-18 17:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4425 http://seclists.org/oss-sec/2012/q3/470 Description: libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. Ubuntu-Description: Notes: mdeslaur> RedHat has fixed this in spice-gtk itself. mdeslaur> Setting as low, since spice-gtk is probably one of the only mdeslaur> apps to do this. Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4425 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689155 Priority: low Discovered-by: Sebastian Krahmer Assigned-to: CVSS: Patches_glib2.0: upstream: http://git.gnome.org/browse/glib/commit/?id=d6cbb29f598d677d5fc1c974cba6d9f646cff491 upstream_glib2.0: released (2.33.14) hardy_glib2.0: ignored (reached end-of-life) lucid_glib2.0: ignored (reached end-of-life) natty_glib2.0: needed oneiric_glib2.0: ignored (reached end-of-life) precise_glib2.0: ignored (reached end-of-life) precise/esm_glib2.0: ignored (end of ESM support, was needed) quantal_glib2.0: not-affected (2.34.0-1ubuntu1) raring_glib2.0: not-affected (2.34.1-1) saucy_glib2.0: not-affected (2.34.1-1) trusty_glib2.0: not-affected (2.34.1-1) trusty/esm_glib2.0: not-affected (2.34.1-1) utopic_glib2.0: not-affected (2.34.1-1) vivid_glib2.0: not-affected (2.34.1-1) vivid/stable-phone-overlay_glib2.0: not-affected (2.34.1-1) vivid/ubuntu-core_glib2.0: not-affected (2.34.1-1) wily_glib2.0: not-affected (2.34.1-1) xenial_glib2.0: not-affected (2.34.1-1) esm-infra/xenial_glib2.0: not-affected (2.34.1-1) yakkety_glib2.0: not-affected (2.34.1-1) zesty_glib2.0: not-affected (2.34.1-1) artful_glib2.0: not-affected (2.34.1-1) bionic_glib2.0: not-affected (2.34.1-1) cosmic_glib2.0: not-affected (2.34.1-1) disco_glib2.0: not-affected (2.34.1-1) eoan_glib2.0: not-affected (2.34.1-1) focal_glib2.0: not-affected (2.34.1-1) groovy_glib2.0: not-affected (2.34.1-1) hirsute_glib2.0: not-affected (2.34.1-1) devel_glib2.0: not-affected (2.34.1-1) Patches_spice-gtk: vendor: https://rhn.redhat.com/errata/RHSA-2012-1284.html Priority_spice-gtk: medium upstream_spice-gtk: needs-triage hardy_spice-gtk: DNE lucid_spice-gtk: DNE natty_spice-gtk: DNE oneiric_spice-gtk: DNE precise_spice-gtk: not-affected (code not compiled) precise/esm_spice-gtk: DNE (precise was not-affected [code not compiled]) quantal_spice-gtk: ignored (reached end-of-life) raring_spice-gtk: not-affected (0.14-1) saucy_spice-gtk: not-affected (0.14-1) trusty_spice-gtk: not-affected (0.14-1) trusty/esm_spice-gtk: DNE (trusty was not-affected [0.14-1]) utopic_spice-gtk: not-affected (0.14-1) vivid_spice-gtk: not-affected (0.14-1) vivid/stable-phone-overlay_spice-gtk: DNE vivid/ubuntu-core_spice-gtk: DNE wily_spice-gtk: not-affected (0.14-1) xenial_spice-gtk: not-affected (0.14-1) yakkety_spice-gtk: not-affected (0.14-1) zesty_spice-gtk: not-affected (0.14-1) artful_spice-gtk: not-affected (0.14-1) bionic_spice-gtk: not-affected (0.14-1) cosmic_spice-gtk: not-affected (0.14-1) disco_spice-gtk: not-affected (0.14-1) eoan_spice-gtk: not-affected (0.14-1) focal_spice-gtk: not-affected (0.14-1) groovy_spice-gtk: not-affected (0.14-1) hirsute_spice-gtk: not-affected (0.14-1) devel_spice-gtk: not-affected (0.14-1)