CVE-2013-0292

Published: 05/03/2013 Updated: 29/08/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib prior to 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Vulnerable Product

freedesktop dbus-glib

freedesktop dbus-glib 0.98

freedesktop dbus-glib 0.84

freedesktop dbus-glib 0.82

freedesktop dbus-glib 0.92

freedesktop dbus-glib 0.90

freedesktop dbus-glib 0.76

freedesktop dbus-glib 0.74

freedesktop dbus-glib 0.88

freedesktop dbus-glib 0.86

freedesktop dbus-glib 0.73

freedesktop dbus-glib 0.72

freedesktop dbus-glib 0.96

freedesktop dbus-glib 0.94

freedesktop dbus-glib 0.80

freedesktop dbus-glib 0.78

Vendor Advisories

Synopsis: Important: dbus-glib security update. Type/Severity: Security Advisory: Important. Topic: Updated dbus-glib packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vu ...
Debian Bug report logs - #700638 CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1 Package: libdbus-glib-1-2; Maintainer for libdbus-glib-1-2 is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for libdbus-glib-1-2 is src:dbus-glib (PTS, buildd, popcon) ...
An attacker could send crafted input to applications using DBus-GLib and possibly escalate privileges ...

Exploits

/* darklena fprintd/pam_fprintd local root PoC. However dbus-glib plays an important role
 *
 * (C) 2013 Sebastian Krahmer, all rights reversed
 *
 * pam_fprintd uses net.reactivated.Fprint service to trigger finger swiping and
 * registers DBUS signal inside the PAM authentication function:
 *
 * dbus_g_proxy_add_signal(dev, "VerifyStatus ...