Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.2
CVE Id: CVE-2013-0292
Last Modified: 16 Oct 2014 02:46:45
Published: 05 Mar 2013 04:38:56
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2013-0292

Summary

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Vulnerable Systems

Application

  • Freedesktop Dbus-glib 0.100

  • Freedesktop Dbus-glib 0.72

  • Freedesktop Dbus-glib 0.73

  • Freedesktop Dbus-glib 0.74

  • Freedesktop Dbus-glib 0.76

  • Freedesktop Dbus-glib 0.78

  • Freedesktop Dbus-glib 0.80

  • Freedesktop Dbus-glib 0.82

  • Freedesktop Dbus-glib 0.84

  • Freedesktop Dbus-glib 0.86

  • Freedesktop Dbus-glib 0.88

  • Freedesktop Dbus-glib 0.90

  • Freedesktop Dbus-glib 0.92

  • Freedesktop Dbus-glib 0.94

  • Freedesktop Dbus-glib 0.96

  • Freedesktop Dbus-glib 0.98


References

CONFIRM - https://bugs.freedesktop.org/show_bug.cgi?id=60916

XF - dbus-message-sender-priv-esc(82135)

UBUNTU - USN-1753-1

BID - 57985

MLIST - [oss-security] 20130215 CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1

SECUNIA - 52404

SECUNIA - 52375

SECUNIA - 52225

REDHAT - RHSA-2013:0568

OSVDB - 90302

CONFIRM - http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca

MISC - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658

MANDRIVA - MDVSA-2013:071

EXPLOIT-DB - 33614

Related Patches

Red Hat 2013:0568-02 RHSA Important: dbus-glib security update for RHEL 5 x86


Last Updated: 27 May 2016 11:02:00