7.2

CVE-2013-0292

Exploit
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreedesktopDbus-glib Version <= 0.100
FreedesktopDbus-glib Version0.72
FreedesktopDbus-glib Version0.73
FreedesktopDbus-glib Version0.74
FreedesktopDbus-glib Version0.76
FreedesktopDbus-glib Version0.78
FreedesktopDbus-glib Version0.80
FreedesktopDbus-glib Version0.82
FreedesktopDbus-glib Version0.84
FreedesktopDbus-glib Version0.86
FreedesktopDbus-glib Version0.88
FreedesktopDbus-glib Version0.90
FreedesktopDbus-glib Version0.92
FreedesktopDbus-glib Version0.94
FreedesktopDbus-glib Version0.96
FreedesktopDbus-glib Version0.98
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.09% 0.61
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658
http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca
Patch
Exploit
http://osvdb.org/90302
http://rhn.redhat.com/errata/RHSA-2013-0568.html
http://secunia.com/advisories/52225
Vendor Advisory
http://secunia.com/advisories/52375
http://secunia.com/advisories/52404
Vendor Advisory
http://www.exploit-db.com/exploits/33614
http://www.mandriva.com/security/advisories?name=MDVSA-2013:071
http://www.openwall.com/lists/oss-security/2013/02/15/10
http://www.securityfocus.com/bid/57985
http://www.ubuntu.com/usn/USN-1753-1
https://bugs.freedesktop.org/show_bug.cgi?id=60916
https://exchange.xforce.ibmcloud.com/vulnerabilities/82135