Upstream information

CVE-2012-3524 at MITRE

Description

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."

SUSE information

CVSS v2 Scores (National Vulnerability Database)
Base Score: 6.89
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector: Local
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
SUSE Bugzilla entries: 697105 [RESOLVED / FIXED], 852781 [CLOSED / FIXED], 912016

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • dbus-1 >= 1.8.8-1.5
  • dbus-1-x11 >= 1.8.8-1.5
  • glib2-lang >= 2.38.2-5.12
  • glib2-tools >= 2.38.2-5.12
  • libdbus-1-3 >= 1.8.8-1.12
  • libdbus-1-3-32bit >= 1.8.8-1.12
  • libgio-2_0-0 >= 2.38.2-5.12
  • libgio-2_0-0-32bit >= 2.38.2-5.12
  • libgio-fam >= 2.38.2-5.12
  • libglib-2_0-0 >= 2.38.2-5.12
  • libglib-2_0-0-32bit >= 2.38.2-5.12
  • libgmodule-2_0-0 >= 2.38.2-5.12
  • libgmodule-2_0-0-32bit >= 2.38.2-5.12
  • libgobject-2_0-0 >= 2.38.2-5.12
  • libgobject-2_0-0-32bit >= 2.38.2-5.12
  • libgthread-2_0-0 >= 2.38.2-5.12
  • libgthread-2_0-0-32bit >= 2.38.2-5.12
Patchnames:
SUSE Linux Enterprise Desktop 12 GA dbus-1
SUSE Linux Enterprise Desktop 12 GA glib2-lang
SUSE Linux Enterprise Desktop 12 SP1
  • dbus-1 >= 1.8.16-14.1
  • dbus-1-x11 >= 1.8.16-14.1
  • glib2-lang >= 2.38.2-5.12
  • glib2-tools >= 2.38.2-5.12
  • libdbus-1-3 >= 1.8.16-14.1
  • libdbus-1-3-32bit >= 1.8.16-14.1
  • libgio-2_0-0 >= 2.38.2-5.12
  • libgio-2_0-0-32bit >= 2.38.2-5.12
  • libgio-fam >= 2.38.2-5.12
  • libglib-2_0-0 >= 2.38.2-5.12
  • libglib-2_0-0-32bit >= 2.38.2-5.12
  • libgmodule-2_0-0 >= 2.38.2-5.12
  • libgmodule-2_0-0-32bit >= 2.38.2-5.12
  • libgobject-2_0-0 >= 2.38.2-5.12
  • libgobject-2_0-0-32bit >= 2.38.2-5.12
  • libgthread-2_0-0 >= 2.38.2-5.12
  • libgthread-2_0-0-32bit >= 2.38.2-5.12
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA dbus-1
SUSE Linux Enterprise Desktop 12 SP1 GA glib2-lang
SUSE Linux Enterprise Desktop 12 SP2
  • dbus-1 >= 1.8.16-19.1
  • dbus-1-x11 >= 1.8.16-19.1
  • glib2-lang >= 2.48.2-10.2
  • glib2-tools >= 2.48.2-10.2
  • libdbus-1-3 >= 1.8.16-19.1
  • libdbus-1-3-32bit >= 1.8.16-19.1
  • libgio-2_0-0 >= 2.48.2-10.2
  • libgio-2_0-0-32bit >= 2.48.2-10.2
  • libgio-fam >= 2.48.2-10.2
  • libglib-2_0-0 >= 2.48.2-10.2
  • libglib-2_0-0-32bit >= 2.48.2-10.2
  • libgmodule-2_0-0 >= 2.48.2-10.2
  • libgmodule-2_0-0-32bit >= 2.48.2-10.2
  • libgobject-2_0-0 >= 2.48.2-10.2
  • libgobject-2_0-0-32bit >= 2.48.2-10.2
  • libgthread-2_0-0 >= 2.48.2-10.2
  • libgthread-2_0-0-32bit >= 2.48.2-10.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA dbus-1
SUSE Linux Enterprise Desktop 12 SP2 GA glib2-lang
SUSE Linux Enterprise Server 12 SP2
  • dbus-1 >= 1.8.16-19.1
  • dbus-1-x11 >= 1.8.16-19.1
  • glib2-lang >= 2.48.2-10.2
  • glib2-tools >= 2.48.2-10.2
  • libdbus-1-3 >= 1.8.16-19.1
  • libdbus-1-3-32bit >= 1.8.16-19.1
  • libgio-2_0-0 >= 2.48.2-10.2
  • libgio-2_0-0-32bit >= 2.48.2-10.2
  • libglib-2_0-0 >= 2.48.2-10.2
  • libglib-2_0-0-32bit >= 2.48.2-10.2
  • libgmodule-2_0-0 >= 2.48.2-10.2
  • libgmodule-2_0-0-32bit >= 2.48.2-10.2
  • libgobject-2_0-0 >= 2.48.2-10.2
  • libgobject-2_0-0-32bit >= 2.48.2-10.2
  • libgthread-2_0-0 >= 2.48.2-10.2
  • libgthread-2_0-0-32bit >= 2.48.2-10.2
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA dbus-1
SUSE Linux Enterprise Server 12 SP2 GA glib2-lang
SUSE Linux Enterprise Server 11 SP1 LTSS
  • dbus-1 >= 1.2.10-3.25.2
  • dbus-1-x11 >= 1.2.10-3.25.2
sles11-sp1-ltss.s390x
sles11-sp1-ltss.x86-64
SAT Patch Nr: 6750
SUSE Linux Enterprise Server 11 SP1 LTSS
  • dbus-1 >= 1.2.10-3.25.2
  • dbus-1-32bit >= 1.2.10-3.25.2
  • dbus-1-x11 >= 1.2.10-3.25.2
sles11-sp1-ltss.s390x
sles11-sp1-ltss.x86-64
SAT Patch Nr: 6750
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • dbus-1 >= 1.2.10-3.25.1
  • dbus-1-x11 >= 1.2.10-3.25.1
sles11-sp2.x86-64
sles11-sp2.ppc
sles11-sp2.ia64
sle11-sp2-sdk.ppc
sle11-sp2-sdk.x86
sled11-sp2.x86
sles11-sp2-vmware.x86
sle11-sp2-sdk.ia64
sle11-sp2-sdk.x86-64
sled11-sp2.x86-64
sles11-sp2.x86
sles11-sp2.s390x
sles11-sp2-vmware.x86-64
sle11-sp2-sdk.s390x
SAT Patch Nr: 6733
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • dbus-1 >= 1.2.10-3.25.1
  • dbus-1-32bit >= 1.2.10-3.25.1
  • dbus-1-x11 >= 1.2.10-3.25.1
sles11-sp2.x86-64
sles11-sp2.ppc
sles11-sp2.ia64
sle11-sp2-sdk.ppc
sle11-sp2-sdk.x86
sled11-sp2.x86
sles11-sp2-vmware.x86
sle11-sp2-sdk.ia64
sle11-sp2-sdk.x86-64
sled11-sp2.x86-64
sles11-sp2.x86
sles11-sp2.s390x
sles11-sp2-vmware.x86-64
sle11-sp2-sdk.s390x
SAT Patch Nr: 6733
SUSE Linux Enterprise Server 11 SP2
  • dbus-1 >= 1.2.10-3.25.1
  • dbus-1-x11 >= 1.2.10-3.25.1
  • dbus-1-x86 >= 1.2.10-3.25.1
sles11-sp2.x86-64
sles11-sp2.ppc
sles11-sp2.ia64
sle11-sp2-sdk.ppc
sle11-sp2-sdk.x86
sled11-sp2.x86
sles11-sp2-vmware.x86
sle11-sp2-sdk.ia64
sle11-sp2-sdk.x86-64
sled11-sp2.x86-64
sles11-sp2.x86
sles11-sp2.s390x
sles11-sp2-vmware.x86-64
sle11-sp2-sdk.s390x
SAT Patch Nr: 6733
openSUSE 11.4
  • dbus-1 >= 1.4.1-7.27.1
  • dbus-1-32bit >= 1.4.1-7.27.1
  • dbus-1-debuginfo >= 1.4.1-7.27.1
  • dbus-1-debuginfo-32bit >= 1.4.1-7.27.1
  • dbus-1-debuginfo-x86 >= 1.4.1-7.27.1
  • dbus-1-debugsource >= 1.4.1-7.27.1
  • dbus-1-devel >= 1.4.1-7.27.1
  • dbus-1-devel-32bit >= 1.4.1-7.27.1
  • dbus-1-devel-doc >= 1.4.1-7.27.1
  • dbus-1-x11 >= 1.4.1-7.31.1
  • dbus-1-x11-debuginfo >= 1.4.1-7.31.1
  • dbus-1-x11-debugsource >= 1.4.1-7.31.1
  • dbus-1-x86 >= 1.4.1-7.27.1
Patchnames:
openSUSE-2012-670
openSUSE-2012-750
openSUSE 13.1
  • dbus-1 >= 1.8.14-4.32.3
  • dbus-1-debuginfo >= 1.8.14-4.32.3
  • dbus-1-debuginfo-32bit >= 1.8.14-4.32.3
  • dbus-1-debugsource >= 1.8.14-4.32.1
  • dbus-1-devel >= 1.8.14-4.32.1
  • dbus-1-devel-32bit >= 1.8.14-4.32.1
  • dbus-1-devel-doc >= 1.8.14-4.32.3
  • dbus-1-x11 >= 1.8.14-4.32.3
  • dbus-1-x11-debuginfo >= 1.8.14-4.32.3
  • dbus-1-x11-debugsource >= 1.8.14-4.32.3
  • libdbus-1-3 >= 1.8.14-4.32.1
  • libdbus-1-3-32bit >= 1.8.14-4.32.1
  • libdbus-1-3-debuginfo >= 1.8.14-4.32.1
  • libdbus-1-3-debuginfo-32bit >= 1.8.14-4.32.1
Patchnames:
openSUSE-2014-558
openSUSE-2015-50
openSUSE 13.2
  • dbus-1 >= 1.8.8-1.3
  • dbus-1-debuginfo >= 1.8.14-12.2
  • dbus-1-debuginfo-32bit >= 1.8.14-12.2
  • dbus-1-debugsource >= 1.8.14-12.1
  • dbus-1-devel >= 1.8.8-1.1
  • dbus-1-devel-32bit >= 1.8.14-12.1
  • dbus-1-devel-doc >= 1.8.14-12.2
  • dbus-1-x11 >= 1.8.8-1.3
  • dbus-1-x11-debuginfo >= 1.8.14-12.2
  • dbus-1-x11-debugsource >= 1.8.14-12.2
  • glib2-devel >= 2.42.0-2.1
  • glib2-tools >= 2.42.0-2.1
  • libdbus-1-3 >= 1.8.8-1.1
  • libdbus-1-3-32bit >= 1.8.8-1.1
  • libdbus-1-3-debuginfo >= 1.8.14-12.1
  • libdbus-1-3-debuginfo-32bit >= 1.8.14-12.1
  • libgio-2_0-0 >= 2.42.0-2.1
  • libgio-2_0-0-32bit >= 2.42.0-2.1
  • libglib-2_0-0 >= 2.42.0-2.1
  • libglib-2_0-0-32bit >= 2.42.0-2.1
  • libgmodule-2_0-0 >= 2.42.0-2.1
  • libgmodule-2_0-0-32bit >= 2.42.0-2.1
  • libgobject-2_0-0 >= 2.42.0-2.1
  • libgobject-2_0-0-32bit >= 2.42.0-2.1
  • libgthread-2_0-0 >= 2.42.0-2.1
  • libgthread-2_0-0-32bit >= 2.42.0-2.1
Patchnames:
openSUSE 13.2 GA dbus-1
openSUSE 13.2 GA glib2-devel
openSUSE-2015-50
openSUSE Leap 42.1
  • dbus-1 >= 1.8.16-5.9
  • dbus-1-devel >= 1.8.16-5.2
  • dbus-1-x11 >= 1.8.16-5.9
  • glib2-devel >= 2.44.1-2.3
  • glib2-lang >= 2.44.1-2.3
  • glib2-tools >= 2.44.1-2.3
  • libdbus-1-3 >= 1.8.16-5.2
  • libdbus-1-3-32bit >= 1.8.16-5.2
  • libgio-2_0-0 >= 2.44.1-2.3
  • libgio-2_0-0-32bit >= 2.44.1-2.3
  • libglib-2_0-0 >= 2.44.1-2.3
  • libglib-2_0-0-32bit >= 2.44.1-2.3
  • libgmodule-2_0-0 >= 2.44.1-2.3
  • libgmodule-2_0-0-32bit >= 2.44.1-2.3
  • libgobject-2_0-0 >= 2.44.1-2.3
  • libgobject-2_0-0-32bit >= 2.44.1-2.3
  • libgthread-2_0-0 >= 2.44.1-2.3
  • libgthread-2_0-0-32bit >= 2.44.1-2.3
Patchnames:
openSUSE Leap 42.1 GA dbus-1
openSUSE Leap 42.1 GA glib2-devel
openSUSE Leap 42.2
  • dbus-1 >= 1.8.22-1.1
  • dbus-1-devel >= 1.8.22-1.1
  • dbus-1-x11 >= 1.8.22-1.1
  • glib2-devel >= 2.48.2-1.10
  • glib2-lang >= 2.48.2-1.10
  • glib2-tools >= 2.48.2-1.10
  • libdbus-1-3 >= 1.8.22-1.1
  • libdbus-1-3-32bit >= 1.8.22-1.1
  • libgio-2_0-0 >= 2.48.2-1.10
  • libgio-2_0-0-32bit >= 2.48.2-1.10
  • libglib-2_0-0 >= 2.48.2-1.10
  • libglib-2_0-0-32bit >= 2.48.2-1.10
  • libgmodule-2_0-0 >= 2.48.2-1.10
  • libgmodule-2_0-0-32bit >= 2.48.2-1.10
  • libgobject-2_0-0 >= 2.48.2-1.10
  • libgobject-2_0-0-32bit >= 2.48.2-1.10
  • libgthread-2_0-0 >= 2.48.2-1.10
  • libgthread-2_0-0-32bit >= 2.48.2-1.10
Patchnames:
openSUSE Leap 42.2 GA dbus-1
openSUSE Leap 42.2 GA glib2-devel