[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1172Date: (C)2010-08-20   (M)2023-12-22


DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-40908
SECUNIA-40925
BID-42347
SECUNIA-42397
ADV-2010-2063
ADV-2010-3097
RHSA-2010:0616
SUSE-SR:2010:019
SUSE-SR:2010:020
SUSE-SR:2010:022
glib-property-security-bypass(61041)
http://cgit.freedesktop.org/dbus/dbus-glib/commit/?h=rhel5&id=9a6bce9b615abca6068348c1606ba8eaf13d9ae0
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://support.avaya.com/css/P8/documents/100113103
https://bugzilla.redhat.com/show_bug.cgi?id=585394

CPE    1
cpe:/a:freedesktop:dbus-glib:0.73
CWE    1
CWE-264
OVAL    11
oval:org.secpod.oval:def:100416
oval:org.secpod.oval:def:500388
oval:org.secpod.oval:def:100527
oval:org.secpod.oval:def:201882
...

© SecPod Technologies