← back
CVE-2008-0595

CVE-2008-0595

EPSS 0.4%
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.freedesktop.org/archives/dbus/2008-February/009401.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlhttp://secunia.com/advisories/29148http://secunia.com/advisories/29160http://secunia.com/advisories/29171http://secunia.com/advisories/29173http://secunia.com/advisories/29281http://secunia.com/advisories/29323http://secunia.com/advisories/30869http://secunia.com/advisories/32281http://securitytracker.com/id?1019512