oval:org.mitre.oval:def:23747

Definition Id: oval:org.mitre.oval:def:23747

Oval ID:	oval:org.mitre.oval:def:23747
Title:	ELSA-2012:1261: dbus security update (Moderate)
Description:	libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1261-01 CVE-2012-3524	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	dbus
Definition Synopsis:
Oracle Linux 6.x rpm test dbus-devel is earlier than 1:1.2.24-7.el6_3 AND dbus is earlier than 1:1.2.24-7.el6_3 AND dbus-x11 is earlier than 1:1.2.24-7.el6_3 AND dbus-libs is earlier than 1:1.2.24-7.el6_3 AND dbus-doc is earlier than 1:1.2.24-7.el6_3

Definition Id: oval:org.mitre.oval:def:16594

Oval ID:	oval:org.mitre.oval:def:16594
Title:	Oracle Linux 6.x
Description:	The operating system installed on the system is Oracle Linux 6.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:oracle:linux:6	Version:	5
Platform(s):	Oracle Linux 6	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND Oracle Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:23747