CVE-2013-0292

Published Mar 5, 2013

Last updated 3 months ago

CVSS info 7.2

Overview

Description: The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E4F7D32-1224-45E2-B169-62B5BC951D4A",
            "versionEndIncluding": "0.100"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.72:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "496BC807-1D1C-46D6-AD6D-B1237F17603C"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.73:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A54D95E-0283-4EAA-8128-A4D8C108A2F7"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.74:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18F56186-C2DF-4592-B0BD-2BBA8E6A5B77"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.76:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE3482DE-81B3-4F62-B207-641F005E5749"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.78:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90C99C54-9E02-472D-8BAA-D1A7E5CFF551"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "601F7293-4F70-4101-A344-8FD5A5F00FAE"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.82:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2B704A5-9144-4399-8363-C935535D0ECE"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.84:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15DC36F3-0B42-4DAC-950E-877D772E9A17"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.86:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4672D11A-AA1B-4DEE-ADB4-E28A6CF44451"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.88:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B851EEDE-3BB9-47DC-99EB-98EDD1AC61F2"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.90:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86DC6ED5-F6F1-43DD-B955-B24A76E6FA31"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.92:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B3E4395-A5FE-4233-BE98-E9012E579646"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.94:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32957259-01F9-4A88-9AFC-C477F4E07121"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.96:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99170844-AA29-4B88-9ED0-7065564A007B"
          },
          {
            "criteria": "cpe:2.3:a:freedesktop:dbus-glib:0.98:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99248DA0-F632-4CAF-BA77-07AF848BCC4E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References