CVE-2008-0595

Published: 29/02/2008 Updated: 01/02/2024
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

dbus-daemon in D-Bus prior to 1.0.3, and 1.1.x prior to 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Vulnerable Product

mandrakesoft mandrake linux 2007.1

mandrakesoft mandrake linux 2008.0

mandrakesoft mandrake linux 2007

redhat enterprise linux 5.0

mandrakesoft mandrake linux 2007.0_x86_64

redhat enterprise linux 5

fedoraproject fedora 7

freedesktop dbus

Vendor Advisories

Debian Bug report logs - #501443 dbus: CVE-2008-3834, possible DoS. Package: dbus; Maintainer for dbus is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for dbus is src:dbus (PTS, buildd, popcon). Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>. Date: Tue, 7 Oct 2008 12:03:0 ...
Havoc Pennington discovered that the D-Bus daemon did not correctly validate certain security policies. If a local user sent a specially crafted D-Bus request, they could bypass security policies that had a “send_interface” defined (CVE-2008-0595) ...