libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:11
Type | Values Removed | Values Added |
---|---|---|
Summary | libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. |
Information
Published : 2012-09-18 17:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-4425
Mitre link : CVE-2012-4425
CVE.ORG link : CVE-2012-4425
JSON object : View
Products Affected
freedesktop
- spice-gtk
gtk
- libgio
CWE
CWE-264
Permissions, Privileges, and Access Controls