CVE-2013-0292

dbus-glib < 0.100 - Privilege Escalation via Spoofed NameOwnerChanged Signal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-0292. PoCs published by Sebastian Krahmer, gitcollect.

AI-analyzed exploit summary This exploit leverages a D-Bus signal spoofing vulnerability in pam_fprintd to trigger a local privilege escalation by spoofing the 'VerifyStatus' signal, bypassing fingerprint authentication.

Description

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Exploits (2)

exploitdb WORKING POC
by Sebastian Krahmer · clocallinux
https://www.exploit-db.com/exploits/33614

This exploit leverages a D-Bus signal spoofing vulnerability in pam_fprintd to trigger a local privilege escalation by spoofing the 'VerifyStatus' signal, bypassing fingerprint authentication.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pam_fprintd (using net.reactivated.Fprint service)
No auth needed
Prerequisites: Access to a system with pam_fprintd configured · A service (e.g., su) using pam_fprintd for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC
by gitcollect · cpoc
https://github.com/gitcollect/CVE_Exploits/tree/master/cve-2013-0292

This PoC exploits a D-Bus signal spoofing vulnerability in pam_fprintd, allowing local privilege escalation by spoofing signals from the net.reactivated.Fprint service to trigger authentication bypass.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pam_fprintd (fprintd)
No auth needed
Prerequisites: D-Bus access · pam_fprintd configured for authentication
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (16)

Core 16
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33614
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:071
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52225
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/82135
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52375
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1753-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0568.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57985
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52404
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/15/10
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/90302
Various Sources x_refsource_confirm
https://bugs.freedesktop.org/show_bug.cgi?id=60916

Scores

EPSS 0.0022
EPSS Percentile 45.2%

Details

CWE
CWE-20
Status published
Products (16)
freedesktop/dbus-glib 0.72
freedesktop/dbus-glib 0.73
freedesktop/dbus-glib 0.74
freedesktop/dbus-glib 0.76
freedesktop/dbus-glib 0.78
freedesktop/dbus-glib 0.80
freedesktop/dbus-glib 0.82
freedesktop/dbus-glib 0.84
freedesktop/dbus-glib 0.86
freedesktop/dbus-glib 0.88
... and 6 more
Published Mar 05, 2013
Tracked Since Feb 18, 2026