PT-2011-1153 · Freedesktop.Org · D-Bus

Published: 2011-06-22 · Updated: 2017-08-29 · CVE-2011-2533

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

D-Bus versions prior to 1.4.12
D-Bus versions 1.2.x before 1.2.28

Description

The issue concerns multiple vulnerabilities in the D-Bus package, which can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. A specific vulnerability in the configure script allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

Recommendations

For D-Bus versions prior to 1.4.12, update to version 1.4.12 or later. For D-Bus versions 1.2.x before 1.2.28, update to version 1.2.28 or later. As a temporary workaround, consider restricting access to the configure script to minimize the risk of exploitation.

Fix

Link Following

Weakness Enumeration

Related Identifiers

BDU:2015-09422
CVE-2011-2533

Affected Products

D-Bus