Libdbus 1.5.x and earlier, when used in setuid processes not clearing the environment variables, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. This module exploits the vulnerability as present on the Xorg setuid binary and installs an agent with root privileges.
CVE Link
Exploit Platform
Exploit Type
Product Name