CVE-2013-0292

Freedesktop Dbus-glib < 0.100 - Improper Input Validation

Title source: rule

Description

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Exploits (2)

exploitdb WORKING POC
by Sebastian Krahmer · clocallinux
https://www.exploit-db.com/exploits/33614
github WORKING POC
by gitcollect · cpoc
https://github.com/gitcollect/CVE_Exploits/tree/master/cve-2013-0292

References (16)

Scores

EPSS 0.0022
EPSS Percentile 44.9%

Details

CWE
CWE-20
Status published
Products (16)
freedesktop/dbus-glib 0.72
freedesktop/dbus-glib 0.73
freedesktop/dbus-glib 0.74
freedesktop/dbus-glib 0.76
freedesktop/dbus-glib 0.78
freedesktop/dbus-glib 0.80
freedesktop/dbus-glib 0.82
freedesktop/dbus-glib 0.84
freedesktop/dbus-glib 0.86
freedesktop/dbus-glib 0.88
... and 6 more
Published Mar 05, 2013
Tracked Since Feb 18, 2026