CVE-2012-4425
spice-gtk - Privilege Escalation via DBUS_SYSTEM_BUS_ADDRESS Environment Variable
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-4425. PoCs published by Sebastian Krahmer.
AI-analyzed exploit summary: This exploit leverages insecure getenv() usage in SUID binaries (spice, pam_systemd, or Xorg) to escalate privileges by manipulating environment variables and executing a malicious dbus-launch symlink. It demonstrates a local privilege escalation (LPE) via improper handling of environment variables in system utilities.
Description
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
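The mitigation the NOTE points to is for the privileged program to discard its inherited environment before any library reads it. The following is an added example, not code from spice-gtk, libgio or the original page; the allowlist, the fixed PATH value and the function names are assumptions chosen for illustration.

```c
#define _GNU_SOURCE            /* clearenv() is a glibc extension */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed allowlist for this example: harmless, display-only variables. */
static const char *const KEEP[] = { "TERM", "LANG" };
#define NKEEP (sizeof KEEP / sizeof KEEP[0])

/* True when real and effective IDs differ, i.e. a setuid/setgid start. */
int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Drop every inherited variable, then restore only allowlisted ones.
 * Returns 0 on success, -1 if the environment could not be rebuilt. */
int scrub_environment(void)
{
    char *saved[NKEEP] = { 0 };
    size_t i;
    int rc = 0;

    for (i = 0; i < NKEEP; i++) {
        const char *v = getenv(KEEP[i]);
        /* Refuse values that could name a path or a format string. */
        if (v && !strpbrk(v, "/%"))
            saved[i] = strdup(v);
    }
    if (clearenv() != 0)
        rc = -1;
    /* Fixed PATH so later executable lookups use system directories only. */
    if (rc == 0 && setenv("PATH", "/usr/bin:/bin", 1) != 0)
        rc = -1;
    for (i = 0; i < NKEEP; i++) {
        if (rc == 0 && saved[i] && setenv(KEEP[i], saved[i], 1) != 0)
            rc = -1;
        free(saved[i]);
    }
    return rc;
}

int main(void)
{
    /* Must run before any library (libgio included) reads the environment. */
    if (running_privileged() && scrub_environment() != 0)
        return 1;
    printf("DBUS_SYSTEM_BUS_ADDRESS=%s\n",
           getenv("DBUS_SYSTEM_BUS_ADDRESS") ? "(set)" : "(unset)");
    return 0;
}
```

An allowlist is used rather than unsetting DBUS_SYSTEM_BUS_ADDRESS alone, because a denylist misses any other variable a linked library may consult.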