CVE-2008-0595

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 29-02-2008 08:44

Last modified: - 07-02-2022 07:24

Total changes: - 2

Description

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

4.6

Base score

3.9

6.4

Exploitability score

Impact score

Verification logic

vendor=fedoraproject AND product=fedora AND version=7

vendor=mandrakesoft AND product=mandrake_linux AND version=2007

vendor=mandrakesoft AND product=mandrake_linux AND version=2007.0_x86_64

vendor=mandrakesoft AND product=mandrake_linux AND version=2007.1

vendor=mandrakesoft AND product=mandrake_linux AND version=2007.1 AND edition=x86-64

vendor=mandrakesoft AND product=mandrake_linux AND version=2008.0

vendor=mandrakesoft AND product=mandrake_linux AND version=2008.0 AND edition=x86-64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5 AND edition=client_workstation

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5.0

vendor=freedesktop AND product=dbus AND versionEndExcluding=1.0.3

vendor=freedesktop AND product=dbus AND versionStartIncluding=1.1.0 AND versionEndExcluding=1.1.20

Reference

[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20-Patch, Third Party Advisory
http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/
MDVSA-2008:054-Broken Link
RHSA-2008:0159-Third Party Advisory
28023-Patch, Third Party Advisory, VDB Entry
1019512-Third Party Advisory, VDB Entry
29148-Broken Link
29160-Broken Link
29171-Broken Link
FEDORA-2008-2043-Third Party Advisory
FEDORA-2008-2070-Third Party Advisory
29173-Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099
https://issues.rpath.com/browse/RPL-2282
29281-Broken Link
SUSE-SR:2008:006-Third Party Advisory
29323-Broken Link
http://wiki.rpath.com/Advisories:rPSA-2008-0099
USN-653-1-Third Party Advisory
32281-Broken Link
30869-Broken Link
DSA-1599-Third Party Advisory
ADV-2008-0694-Broken Link
openSUSE-SU-2012:1418-Third Party Advisory
oval:org.mitre.oval:def:9353-Tool Signature
20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11-Third Party Advisory, VDB Entry

Keywords

CVE-2008-0595

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-0595

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures