857283 – (CVE-2012-4425) CVE-2012-4425 spice-gtk/glib: Possible privilege escalation via un-sanitized environment variable

Bug 857283 (CVE-2012-4425) - CVE-2012-4425 spice-gtk/glib: Possible privilege escalation via un-sanitized environment variable

Summary: CVE-2012-4425 spice-gtk/glib: Possible privilege escalation via un-sanitized ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-4425
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	854819 854822 854823 854825 857227 857228
Blocks:	847403
TreeView+	depends on / blocked

Reported:	2012-09-14 02:44 UTC by Huzaifa S. Sidhpurwala
Modified:	2023-05-12 17:11 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-19 21:57:03 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Debian BTS	689155	0	None	None	None	2012-09-30 13:04:20 UTC
Red Hat Product Errata	RHSA-2012:1284	0	normal	SHIPPED_LIVE	Moderate: spice-gtk security update	2012-09-17 20:51:14 UTC

Description Huzaifa S. Sidhpurwala 2012-09-14 02:44:06 UTC

It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl-helper, did not clear the environment variables read by the libraries it uses. A local attacker could possibly use this flaw to escalate their privileges by setting specific environment variables before running the helper application. 

This flaw is similar to  CVE-2012-3524

Comment 2 Huzaifa S. Sidhpurwala 2012-09-14 02:54:44 UTC

Created spice-gtk tracking bugs for this issue

Affects: fedora-all [bug 857228]

Comment 3 Huzaifa S. Sidhpurwala 2012-09-14 02:58:56 UTC

Acknowledgement:

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.

Comment 4 Huzaifa S. Sidhpurwala 2012-09-14 03:01:01 UTC

Reference:

http://seclists.org/oss-sec/2012/q3/470

Comment 6 Huzaifa S. Sidhpurwala 2012-09-14 03:23:32 UTC

Created glib2 tracking bugs for this issue

Affects: fedora-all [bug 857227]

Comment 7 errata-xmlrpc 2012-09-17 16:54:06 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1284 https://rhn.redhat.com/errata/RHSA-2012-1284.html

Comment 8 Jan Lieskovsky 2012-09-30 13:04:20 UTC

Upstream patch:
http://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9

Note You need to log in before you can comment on or make changes to this bug.