Описание
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 0.60-6ubuntu8.3 |
| devel | released | 1.1.20-1ubuntu1 |
| edgy | ignored | end of life |
| feisty | released | 1.0.2-1ubuntu4.2 |
| gutsy | released | 1.1.1-3ubuntu4.2 |
| hardy | released | 1.1.20-1ubuntu1 |
| upstream | needs-triage |
Показывать по
EPSS
4.6 Medium
CVSS2
Связанные уязвимости
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
ELSA-2008-0159: Moderate: dbus security update (MODERATE)
EPSS
4.6 Medium
CVSS2