Security: Execution of arbitrary commands in DBus
Name: Execution of arbitrary commands in DBus
ID: USN-1576-1
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Date: Thu, 20 September 2012, 19:26
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3524
Applications: D-BUS
Original message
==========================================================================
Ubuntu Security Notice USN-1576-1
September 20, 2012

dbus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

DBus could be made to run programs as an administrator.

Software Description:
- dbus: simple interprocess messaging system

Details:

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
  dbus 1.4.18-1ubuntu1.1
  libdbus-1-3 1.4.18-1ubuntu1.1

Ubuntu 11.10:
  dbus 1.4.14-1ubuntu1.1
  libdbus-1-3 1.4.14-1ubuntu1.1

Ubuntu 11.04:
  dbus 1.4.6-1ubuntu6.2
  libdbus-1-3 1.4.6-1ubuntu6.2

Ubuntu 10.04 LTS:
  dbus 1.2.16-2ubuntu4.5
  libdbus-1-3 1.2.16-2ubuntu4.5

Ubuntu 8.04 LTS:
  dbus 1.1.20-1ubuntu3.7
  libdbus-1-3 1.1.20-1ubuntu3.7

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1576-1
  CVE-2012-3524

Package Information:
  https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/dbus/1.4.14-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/dbus/1.4.6-1ubuntu6.2
  https://launchpad.net/ubuntu/+source/dbus/1.2.16-2ubuntu4.5
  https://launchpad.net/ubuntu/+source/dbus/1.1.20-1ubuntu3.7