Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2008-0595
Last Modified: 05 May 2014 12:03:47
Published: 29 Feb 2008 02:44:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2008-0595

Summary

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Vulnerable Systems

Operating System

  • D-bus Inter-process Communication System 0.13

  • D-bus Inter-process Communication System 0.20

  • D-bus Inter-process Communication System 0.21

  • D-bus Inter-process Communication System 0.22

  • D-bus Inter-process Communication System 0.23

  • D-bus Inter-process Communication System 1.0

  • D-bus Inter-process Communication System 1.0.1

  • D-bus Inter-process Communication System 1.0.2

  • D-bus Inter-process Communication System 1.1.4

  • Mandrakesoft Mandrake Linux 2007

  • Mandrakesoft Mandrake Linux 2007.0 X86 64

  • Mandrakesoft Mandrake Linux 2007.1

  • Mandrakesoft Mandrake Linux 2008.0

  • Red Hat Enterprise Linux 5

  • Red Hat Enterprise Linux Desktop 5

  • Red Hat Enterprise Linux Desktop Workstation 5

  • Redhat Fedora 7


References

BID - 28023

MLIST - [dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20

FEDORA - FEDORA-2008-2070

FEDORA - FEDORA-2008-2043

CONFIRM - https://issues.rpath.com/browse/RPL-2282

VUPEN - ADV-2008-0694

UBUNTU - USN-653-1

REDHAT - RHSA-2008:0159

MANDRIVA - MDVSA-2008:054

CONFIRM - http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/

DEBIAN - DSA-1599

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099

SECTRACK - 1019512

SECUNIA - 32281

SECUNIA - 30869

SECUNIA - 29281

SECUNIA - 29173

SECUNIA - 29171

SECUNIA - 29160

SECUNIA - 29148

BUGTRAQ - 20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0099

SECUNIA - 29323

SUSE - SUSE-SR:2008:006

SUSE - openSUSE-SU-2012:1418

Related Patches

Novell SUSE 2008:5050 dbus-1 security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 11:05:12