4.6

CVE-2008-4311

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreedesktopDbus Version <= 1.2.4
FreedesktopDbus Version0.1
FreedesktopDbus Version0.2
FreedesktopDbus Version0.3
FreedesktopDbus Version0.4
FreedesktopDbus Version0.5
FreedesktopDbus Version0.6
FreedesktopDbus Version0.7
FreedesktopDbus Version0.8
FreedesktopDbus Version0.9
FreedesktopDbus Version0.10
FreedesktopDbus Version0.11
FreedesktopDbus Version0.12
FreedesktopDbus Version0.13
FreedesktopDbus Version0.20
FreedesktopDbus Version0.21
FreedesktopDbus Version0.22
FreedesktopDbus Version0.23
FreedesktopDbus Version0.23.1
FreedesktopDbus Version0.23.2
FreedesktopDbus Version0.23.3
FreedesktopDbus Version0.31
FreedesktopDbus Version0.32
FreedesktopDbus Version0.33
FreedesktopDbus Version0.34
FreedesktopDbus Version0.35
FreedesktopDbus Version0.35.1
FreedesktopDbus Version0.35.2
FreedesktopDbus Version0.36
FreedesktopDbus Version0.36.1
FreedesktopDbus Version0.36.2
FreedesktopDbus Version0.50
FreedesktopDbus Version0.60
FreedesktopDbus Version0.61
FreedesktopDbus Version0.62
FreedesktopDbus Version0.90
FreedesktopDbus Version0.91
FreedesktopDbus Version0.92
FreedesktopDbus Version1.0
FreedesktopDbus Version1.0 Updaterc1
FreedesktopDbus Version1.0 Updaterc2
FreedesktopDbus Version1.0 Updaterc3
FreedesktopDbus Version1.1.0
FreedesktopDbus Version1.1.1
FreedesktopDbus Version1.1.2
FreedesktopDbus Version1.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.324
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/34642
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532
http://forums.fedoraforum.org/showthread.php?t=206797
http://lists.freedesktop.org/archives/dbus/2008-December/010702.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
http://secunia.com/advisories/33047
Vendor Advisory
http://secunia.com/advisories/33055
Vendor Advisory
http://secunia.com/advisories/34360
http://www.securityfocus.com/bid/32674
http://www.vupen.com/english/advisories/2008/3355
https://bugs.freedesktop.org/show_bug.cgi?id=18229
https://bugzilla.redhat.com/show_bug.cgi?id=474895
https://exchange.xforce.ibmcloud.com/vulnerabilities/47138
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html