PT-2008-6891 · Freedesktop.Org+1 · D-Bus+1

Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2008-0595

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

D-Bus versions prior to 1.0.3
D-Bus versions 1.1.x prior to 1.1.20

Description

The issue affects the dbus-daemon in D-Bus, allowing local users to bypass intended access restrictions via a method call with a NULL interface. This can lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations

For D-Bus versions prior to 1.0.3, update to version 1.0.3 or later. For D-Bus versions 1.1.x prior to 1.1.20, update to version 1.1.20 or later. As a temporary workaround, consider restricting access to the send interface attribute in the security policy to minimize the risk of exploitation.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2015-01742
BDU:2015-01743
CVE-2008-0595
DSA-1599-1
OPENSUSE-SU-2024:10711-1
RHSA-2008:0159
RHSA-2008_0159

Affected Products

D-Bus
Red Hat