PT-2012-1088 · Red Hat+2 · Spice-Gtk+9
Sebastian Krahmer · Published 2012-09-17 · Updated 2024-06-15 · CVE-2012-4425
CVSS v2.0: 6.9 (Medium)
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
spice-gtk versions 0.11
spice-gtk-tools versions 0.11
spice-gtk-python versions 0.11
spice-glib versions 0.11
spice-gtk-devel versions 0.11
spice-glib-devel versions 0.11
spice-gtk-debuginfo versions 0.11
Description
The issue allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. Successful exploitation can compromise the confidentiality, integrity, and availability of protected information. Exploitation requires local access.
Recommendations
For spice-gtk version 0.11, consider disabling the use of the DBUS_SYSTEM_BUS_ADDRESS environment variable until a patch is available.
For spice-gtk-tools version 0.11, restrict access to sensitive information to minimize the risk of exploitation.
For spice-gtk-python version 0.11, avoid using privileged programs that do not cleanse environment variables.
For spice-glib version 0.11, consider implementing additional security measures to prevent local exploitation.
For spice-gtk-devel version 0.11, restrict access to development tools to prevent unauthorized use.
For spice-glib-devel version 0.11, consider disabling the use of sensitive functions until a patch is available.
For spice-gtk-debuginfo version 0.11, restrict access to debug information to prevent exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
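An added example, not code from spice-gtk or from this advisory: one way a privileged helper can cleanse its environment, as the recommendations suggest, so that DBUS_SYSTEM_BUS_ADDRESS and every other inherited variable outside a small allowlist never reaches the libraries it calls. The allowlist, the fixed PATH and the function name scrub_environment are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Assumed allowlist for this example: locale and time zone only. */
static const char *const keep_names[] = { "LANG", "LC_ALL", "TZ" };
#define N_KEEP (sizeof keep_names / sizeof keep_names[0])

/* Room for the fixed PATH, every allowlisted entry and the final NULL. */
static char *clean_env[N_KEEP + 2];
static char fixed_path[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin"; /* assumed */

/* First "NAME=value" entry for name, which is what getenv() would return. */
static char *find_entry(char **env, const char *name)
{
    size_t n = strlen(name);
    for (; env && *env; env++)
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return *env;
    return NULL;
}

/* Swap the inherited environment for the allowlisted one.
 * Returns how many inherited entries were dropped. */
int scrub_environment(void)
{
    char **old = environ;
    size_t out = 0, total = 0, i;

    for (char **e = old; e && *e; e++)
        total++;
    clean_env[out++] = fixed_path;
    for (i = 0; i < N_KEEP; i++) {
        char *entry = find_entry(old, keep_names[i]);
        if (entry)
            clean_env[out++] = entry;
    }
    clean_env[out] = NULL;
    environ = clean_env;
    return (int)(total - (out - 1));
}

int main(void)
{
    /* Call first thing in main(), before any library reads the environment. */
    printf("dropped %d inherited variables\n", scrub_environment());
    printf("DBUS_SYSTEM_BUS_ADDRESS is %s\n",
           getenv("DBUS_SYSTEM_BUS_ADDRESS") ? "still set" : "unset");
    return 0;
}
```

An allowlist is used rather than removing the one variable by name, so a variable the helper's author did not anticipate is dropped as well.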
Affected products
Centos
Dbus
Red Hat
Spice-Glib
Spice-Glib-Devel
Spice-Gtk
Spice-Gtk-Debuginfo
Spice-Gtk-Devel
Spice-Gtk-Python
Spice-Gtk-Tools