CVE-2013-0292

Exploit

EPSS 0.23%
Veröffentlicht 05.03.2013 21:38:56
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freedesktop ≫ Dbus-glib Version <= 0.100

Freedesktop ≫ Dbus-glib Version0.72

Freedesktop ≫ Dbus-glib Version0.73

Freedesktop ≫ Dbus-glib Version0.74

Freedesktop ≫ Dbus-glib Version0.76

Freedesktop ≫ Dbus-glib Version0.78

Freedesktop ≫ Dbus-glib Version0.80

Freedesktop ≫ Dbus-glib Version0.82

Freedesktop ≫ Dbus-glib Version0.84

Freedesktop ≫ Dbus-glib Version0.86

Freedesktop ≫ Dbus-glib Version0.88

Freedesktop ≫ Dbus-glib Version0.90

Freedesktop ≫ Dbus-glib Version0.92

Freedesktop ≫ Dbus-glib Version0.94

Freedesktop ≫ Dbus-glib Version0.96

Freedesktop ≫ Dbus-glib Version0.98

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.461

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658

http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca

Patch

Exploit

http://osvdb.org/90302

http://rhn.redhat.com/errata/RHSA-2013-0568.html

http://secunia.com/advisories/52225

Vendor Advisory

http://secunia.com/advisories/52375

http://secunia.com/advisories/52404