Vulnerability details: VCID-dwjx-2jsx-aaar
Vulnerability ID VCID-dwjx-2jsx-aaar
Aliases CVE-2012-4425
Summary libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4425.html
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1284
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2012-4425
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2012-4425
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2012-4425
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2012-4425
epss 0.00518 https://api.first.org/data/v1/epss?cve=CVE-2012-4425
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2012-4425
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4425
generic_textual Low http://seclists.org/oss-sec/2012/q3/470
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2012-4425
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4425.html
http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051
http://rhn.redhat.com/errata/RHSA-2012-1284.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4425.json
https://api.first.org/data/v1/epss?cve=CVE-2012-4425
https://bugzilla.redhat.com/show_bug.cgi?id=857283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4425
http://seclists.org/oss-sec/2012/q3/470
http://www.exploit-db.com/exploits/21323
http://www.openwall.com/lists/oss-security/2012/09/12/6
http://www.openwall.com/lists/oss-security/2012/09/14/2
http://www.openwall.com/lists/oss-security/2012/09/17/2
http://www.securityfocus.com/bid/55555
http://www.spinics.net/lists/spice-devel/msg01940.html
689155 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689155
cpe:2.3:a:freedesktop:spice-gtk:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:spice-gtk:-:*:*:*:*:*:*:*
cpe:2.3:a:gtk:libgio:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gtk:libgio:-:*:*:*:*:*:*:*
CVE-2012-3524;OSVDB-85480;CVE-2012-4425 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/21323.c
CVE-2012-4425 https://nvd.nist.gov/vuln/detail/CVE-2012-4425
GLSA-201406-29 https://security.gentoo.org/glsa/201406-29
RHSA-2012:1284 https://access.redhat.com/errata/RHSA-2012:1284
Data source Exploit-DB
Date added Sept. 14, 2012
Description libdbus - 'DBUS_SYSTEM_BUS_ADDRESS' Local Privilege Escalation
Ransomware campaign use Unknown
Source publication date July 17, 2012
Exploit type local
Platform linux
Source update date Sept. 14, 2012
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2012-4425
Access Vector (AV) local
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete

Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.