← volver
CVE-2008-0595

CVE-2008-0595

EPSS 0.4%
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.freedesktop.org/archives/dbus/2008-February/009401.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlhttp://secunia.com/advisories/29148http://secunia.com/advisories/29160http://secunia.com/advisories/29171http://secunia.com/advisories/29173http://secunia.com/advisories/29281http://secunia.com/advisories/29323http://secunia.com/advisories/30869http://secunia.com/advisories/32281http://securitytracker.com/id?1019512