[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0595Date: (C)2008-02-29   (M)2024-02-09


dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1019512
http://www.securityfocus.com/archive/1/489280/100/0/threaded
BID-28023
SECUNIA-29148
SECUNIA-29160
SECUNIA-29171
SECUNIA-29173
SECUNIA-29281
SECUNIA-29323
SECUNIA-30869
SECUNIA-32281
ADV-2008-0694
DSA-1599
FEDORA-2008-2043
FEDORA-2008-2070
MDVSA-2008:054
RHSA-2008:0159
SUSE-SR:2008:006
USN-653-1
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html
http://wiki.rpath.com/Advisories:rPSA-2008-0099
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099
http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/
https://issues.rpath.com/browse/RPL-2282
openSUSE-SU-2012:1418
oval:org.mitre.oval:def:9353

CWE    1
CWE-863
OVAL    2
oval:org.secpod.oval:def:301242
oval:org.mitre.oval:def:8119

© SecPod Technologies