CVE-2008-4311

Name of the Vulnerable Software and Affected Versions dbus-1-glib versions prior to 1.2.6 hal versions prior to 1.2.6 bluez versions prior to 1.2.6 PolicyKit versions prior to 1.2.6 powersave versions prior to 1.2.6 dbus-1-python versions prior to 1.2.6 dbus-1-qt3 versions prior to 1.2.6 dbus-1-mono versions prior to 1.2.6 dbus-1-gtk versions prior to 1.2.6 dbus-1-x11 versions prior to 1.2.6 pommed versions prior to 1.2.6 gpomme versions prior to 1.2.6 wmpomme versions prior to 1.2.6 PackageKit versions prior to 1.2.6 libbluetooth3 versions prior to 1.2.6

Description The vulnerability allows local attackers to bypass intended access restrictions by sending or receiving messages. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerability can be carried out locally by an attacker who has passed the authentication procedure.

Recommendations As a temporary workaround, consider disabling the send type attribute in the system.conf file of D-Bus until a patch is available. Restrict access to the vulnerable packages to minimize the risk of exploitation. Avoid using the vulnerable packages until the issue is resolved. Update the affected packages to a version later than 1.2.6. At the moment, there is no information about a newer version that contains a fix for this vulnerability.