CVE-2008-0595 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-0595
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0595

Description: dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-653-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html ST 1019512 SAID Secunia Advisory: SA29281 Secunia Advisory: SA29148 Secunia Advisory: SA29160 Secunia Advisory: SA29171 Secunia Advisory: SA29173 Secunia Advisory: SA29323 Secunia Advisory: SA32281 Secunia Advisory: SA30869 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0159.html MLIST http://lists.freedesktop.org/archives/dbus/2008-February/009401.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:054 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1599 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0099 http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/ http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489280/100/0/threaded BID 28023

Return to the previous page.