Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote Solaris system is missing a security patch for third-party

Description :

The remote Solaris system is missing the patches needed to address
the following security issue :

- libdbus 1.5.x and earlier, when used in setuid or other
privileged programs in and possibly other
products, allows local users to gain privileges and
execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS
environment variable. NOTE: libdbus maintainers state
that this is a vulnerability in the applications that do
not cleanse environment variables, not in libdbus
itself: 'we do not support use of libdbus in setuid
binaries that do not sanitize their environment before
their first call into libdbus.' (CVE-2012-3524)

Solution :

Upgrade to Solaris 11/11 SRU 12.4.

Risk factor :

Medium / CVSS Base Score : 6.9
Public Exploit Available : true

Family: Solaris Local Security Checks

Nessus Plugin ID: 80665

CVE ID: CVE-2012-3524
