CVE-2008-0595

Fedora < 1.0.3 - Incorrect Authorization

Title source: rule

Description

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

References (26)

[Patch, Third Party Advisory] http://lists.freedesktop.org/archives/dbus/2008-February/009401.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html

[Broken Link] http://secunia.com/advisories/29148

[Broken Link] http://secunia.com/advisories/29160

[Broken Link] http://secunia.com/advisories/29171

[Broken Link] http://secunia.com/advisories/29173

[Broken Link] http://secunia.com/advisories/29281

[Broken Link] http://secunia.com/advisories/29323

[Broken Link] http://secunia.com/advisories/30869

[Broken Link] http://secunia.com/advisories/32281

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1019512

[Third Party Advisory] http://wiki.rpath.com/Advisories:rPSA-2008-0099

[Third Party Advisory] http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1599

[Third Party Advisory] http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/

[Broken Link] http://www.mandriva.com/security/advisories?name=MDVSA-2008:054

[Third Party Advisory] http://www.redhat.com/support/errata/RHSA-2008-0159.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489280/100/0/threaded

[Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28023

... and 6 more

Scores

EPSS 0.0006

EPSS Percentile 19.4%

Classification

CWE

CWE-863

Status draft

Affected Products (10)

fedoraproject/fedora

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

redhat/enterprise_linux

redhat/enterprise_linux

freedesktop/dbus < 1.0.3

Timeline

Published Feb 29, 2008

Tracked Since Feb 18, 2026