← voltar
CVE-2008-0595

CVE-2008-0595

EPSS 0.4%
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.freedesktop.org/archives/dbus/2008-February/009401.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlhttp://secunia.com/advisories/29148http://secunia.com/advisories/29160http://secunia.com/advisories/29171http://secunia.com/advisories/29173http://secunia.com/advisories/29281http://secunia.com/advisories/29323http://secunia.com/advisories/30869http://secunia.com/advisories/32281http://securitytracker.com/id?1019512