Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 435694 (CVE-2012-4425) - <net-misc/spice-gtk-0.14: privilege escalation and code exec vulnerability (CVE-2012-4425)
Summary: <net-misc/spice-gtk-0.14: privilege escalation and code exec vulnerability (C...
Status: RESOLVED FIXED
Alias: CVE-2012-4425
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa]
Keywords:
Depends on: 444224
Blocks:
  Show dependency tree
 
Reported: 2012-09-20 23:05 UTC by GLSAMaker/CVETool Bot
Modified: 2014-06-26 23:37 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-09-20 23:05:23 UTC
CVE-2012-4425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4425):
  libgio, when used in setuid or other privileged programs in spice-gtk and
  possibly other products, allows local users to gain privileges and execute
  arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable.  NOTE:
  it could be argued that this is a vulnerability in the applications that do
  not cleanse environment variables, not in libgio itself.


Looks like a patch may be available at:

http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051
Comment 1 Doug Goldstein gentoo-dev 2012-10-04 18:08:28 UTC
Rough look at the issue appears that it exists before the 0.14 release. Not sure how long it exists before that.
Comment 2 Sean Amoss gentoo-dev Security 2012-11-26 12:30:56 UTC
GLSA vote: yes.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2012-12-16 21:53:49 UTC
Vote: yes. GLSA request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-06-26 23:37:32 UTC
This issue was resolved and addressed in
 GLSA 201406-29 at http://security.gentoo.org/glsa/glsa-201406-29.xml
by GLSA coordinator Chris Reffett (creffett).