DBus-GLib Exploit Closed in Ubuntu 12.10

Other three editions of Ubuntu were affected by this problem

By on February 28th, 2013 10:53 GMT

On February 27, Canonical published in a security notice details about a DBus-GLib vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, an attacker could have sent crafted input to applications, using Dbus-GLib, and could have possibly escalate privileges.

Sebastian Krahmer and Bastien Nocera discovered that DBus-GLib did not properly validate the message sender when the "NameOwnerChanged" signal was received. A local attacker could possibly use this issue to escalate their privileges.

The security flaws can be fixed if you upgrade your system(s) to the latest libdbus-glib-1-2 package, specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will not be necessary to implement the changes.
Ubuntu 12.10 desktop
   Ubuntu 12.10 desktop
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments