dbus-daemon in D-Bus prior to 1.0.3, and 1.1.x prior to 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mandrakesoft mandrake linux 2007.1 |
||
mandrakesoft mandrake linux 2008.0 |
||
mandrakesoft mandrake linux 2007 |
||
redhat enterprise linux 5.0 |
||
mandrakesoft mandrake linux 2007.0_x86_64 |
||
redhat enterprise linux 5 |
||
fedoraproject fedora 7 |
||
freedesktop dbus |