Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2008-4311
Last Modified: 05 May 2014 12:16:10
Published: 09 Dec 2008 07:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2008-4311

Summary

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

Vulnerable Systems

Application

  • Freedesktop Dbus 0.1

  • Freedesktop Dbus 0.10

  • Freedesktop Dbus 0.11

  • Freedesktop Dbus 0.12

  • Freedesktop Dbus 0.13

  • Freedesktop Dbus 0.2

  • Freedesktop Dbus 0.20

  • Freedesktop Dbus 0.21

  • Freedesktop Dbus 0.22

  • Freedesktop Dbus 0.23

  • Freedesktop Dbus 0.23.1

  • Freedesktop Dbus 0.23.2

  • Freedesktop Dbus 0.23.3

  • Freedesktop Dbus 0.3

  • Freedesktop Dbus 0.31

  • Freedesktop Dbus 0.32

  • Freedesktop Dbus 0.33

  • Freedesktop Dbus 0.34

  • Freedesktop Dbus 0.35

  • Freedesktop Dbus 0.35.1

  • Freedesktop Dbus 0.35.2

  • Freedesktop Dbus 0.36

  • Freedesktop Dbus 0.36.1

  • Freedesktop Dbus 0.36.2

  • Freedesktop Dbus 0.4

  • Freedesktop Dbus 0.5

  • Freedesktop Dbus 0.50

  • Freedesktop Dbus 0.6

  • Freedesktop Dbus 0.60

  • Freedesktop Dbus 0.61

  • Freedesktop Dbus 0.62

  • Freedesktop Dbus 0.7

  • Freedesktop Dbus 0.8

  • Freedesktop Dbus 0.9

  • Freedesktop Dbus 0.90

  • Freedesktop Dbus 0.91

  • Freedesktop Dbus 0.92

  • Freedesktop Dbus 1.0

  • Freedesktop Dbus 1.1.0

  • Freedesktop Dbus 1.1.1

  • Freedesktop Dbus 1.1.2

  • Freedesktop Dbus 1.1.4

  • Freedesktop Dbus 1.2.4


References

FEDORA - FEDORA-2008-10907

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=474895

CONFIRM - https://bugs.freedesktop.org/show_bug.cgi?id=18229

XF - dbus-sendreceive-security-bypass(47138)

VUPEN - ADV-2008-3355

BID - 32674

SECUNIA - 34642

SECUNIA - 34360

SECUNIA - 33055

SECUNIA - 33047

SUSE - SUSE-SR:2009:009

SUSE - SUSE-SR:2009:008

SUSE - SUSE-SA:2009:013

MLIST - [dbus] 20081205 [CVE-2008-4311] DBus 1.2.6

CONFIRM - http://forums.fedoraforum.org/showthread.php?t=206797

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532

SUSE - openSUSE-SU-2012:1418

Related Patches

Novell SUSE 2009:5969 dbus-1 security update for SLE 10 SP2 i586

Novell SUSE 2009:6036 hal security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 11:05:12