Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-0595

Опубликовано: 29 фев. 2008
Источник: nvd
CVSS2: 4.6
EPSS Низкий

Описание

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007.0_x86_64:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*
Версия до 1.0.3 (исключая)
cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*
Версия от 1.1.0 (включая) до 1.1.20 (исключая)

EPSS

Процентиль: 15%
0.00048
Низкий

4.6 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

ubuntu логотип

CVE-2008-0595

ubuntu
больше 17 лет назад

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

redhat логотип

CVE-2008-0595

redhat
больше 17 лет назад

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

debian логотип

CVE-2008-0595

debian
больше 17 лет назад

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...

github логотип

GHSA-r2x7-p32r-g3vj

github
около 3 лет назад

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

oracle-oval логотип

ELSA-2008-0159

oracle-oval
больше 17 лет назад

ELSA-2008-0159: Moderate: dbus security update (MODERATE)

EPSS

Процентиль: 15%
0.00048
Низкий

4.6 Medium

CVSS2

Дефекты

CWE-863