CVE-2008-0595

Published Feb 29, 2008

Last updated 9 months ago

Overview

Description: dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-863

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.0_x86_64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC4784E4-24D1-4E22-B880-846F21F52F73"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB7AD2F3-451D-4F37-A6F3-DE676804BBA3"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5454336D-724E-4027-A642-1EFCB79C1ADC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53965B9B-5A2C-4899-9DDD-8995BFED40BA",
            "versionEndExcluding": "1.0.3"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1C1F814-9430-464F-9376-B23363473BF9",
            "versionEndExcluding": "1.1.20",
            "versionStartIncluding": "1.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References