6.9

CVE-2012-4425

Exploit

EPSS 0.52%
Published 18.09.2012 17:55:08
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable.  NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Freedesktop ≫ Spice-gtk Version-

Gtk ≫ Libgio Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.52%	0.657

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://www.exploit-db.com/exploits/21323

Exploit

http://www.openwall.com/lists/oss-security/2012/09/12/6

http://www.openwall.com/lists/oss-security/2012/09/14/2

http://www.openwall.com/lists/oss-security/2012/09/17/2

http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051

Patch

http://rhn.redhat.com/errata/RHSA-2012-1284.html

http://www.securityfocus.com/bid/55555

http://www.spinics.net/lists/spice-devel/msg01940.html

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=857283

https://nvd.nist.gov/vuln/detail/CVE-2012-4425

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-4425

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-4425

EUVD