PT-2008-6891 · Freedesktop.Org+1 · D-Bus+1

Publicado

1970-01-01

·

Atualizado

2024-06-15

·

CVE-2008-0595

CVSS v2.0

4.6

Média

VetorAV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions D-Bus versions prior to 1.0.3 D-Bus versions 1.1.x prior to 1.1.20
Description The issue affects the dbus-daemon in D-Bus, allowing local users to bypass intended access restrictions via a method call with a NULL interface. This can lead to a violation of confidentiality, integrity, and availability of protected information.
Recommendations For D-Bus versions prior to 1.0.3, update to version 1.0.3 or later. For D-Bus versions 1.1.x prior to 1.1.20, update to version 1.1.20 or later. As a temporary workaround, consider restricting access to the send interface attribute in the security policy to minimize the risk of exploitation.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

BDU:2015-01742
BDU:2015-01743
CVE-2008-0595
DSA-1599-1
OPENSUSE-SU-2024:10711-1
RHSA-2008:0159
RHSA-2008_0159

Produtos afetados

D-Bus
Red Hat