The default configuration of system.conf in D-Bus (aka DBus) prior to 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
freedesktop dbus 1.1.4 |
||
freedesktop dbus 1.0 |
||
freedesktop dbus 0.92 |
||
freedesktop dbus 0.36.2 |
||
freedesktop dbus 0.36.1 |
||
freedesktop dbus |
||
freedesktop dbus 1.1.2 |
||
freedesktop dbus 0.91 |
||
freedesktop dbus 0.90 |
||
freedesktop dbus 0.36 |
||
freedesktop dbus 0.35.2 |
||
freedesktop dbus 0.23.3 |
||
freedesktop dbus 0.23.2 |
||
freedesktop dbus 0.11 |
||
freedesktop dbus 0.10 |
||
freedesktop dbus 0.3 |
||
freedesktop dbus 0.2 |
||
freedesktop dbus 1.1.1 |
||
freedesktop dbus 1.1.0 |
||
freedesktop dbus 0.62 |
||
freedesktop dbus 0.61 |
||
freedesktop dbus 0.35.1 |
||
freedesktop dbus 0.35 |
||
freedesktop dbus 0.23.1 |
||
freedesktop dbus 0.23 |
||
freedesktop dbus 0.9 |
||
freedesktop dbus 0.8 |
||
freedesktop dbus 0.60 |
||
freedesktop dbus 0.50 |
||
freedesktop dbus 0.34 |
||
freedesktop dbus 0.33 |
||
freedesktop dbus 0.22 |
||
freedesktop dbus 0.21 |
||
freedesktop dbus 0.20 |
||
freedesktop dbus 0.7 |
||
freedesktop dbus 0.6 |
||
freedesktop dbus 0.1 |
||
freedesktop dbus 0.32 |
||
freedesktop dbus 0.31 |
||
freedesktop dbus 0.13 |
||
freedesktop dbus 0.12 |
||
freedesktop dbus 0.5 |
||
freedesktop dbus 0.4 |
Vulmon