CVE-2008-0595
published 2008-02-29
medium 4.6 CVSS 3.1
AV:L/AC:L/Au:N/C:P/I:P/A:P
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dbus | < dbus 1.1.20-1 (bookworm) | dbus 1.1.20-1 (bookworm) |
| fedoraproject | fedora | — | — |
| freedesktop | dbus | < 1.0.3 | 1.0.3 |
| freedesktop | dbus | >= 0 < 1.1.20-1 | 1.1.20-1 |
| freedesktop | dbus | >= 0 < 1.1.20-1 | 1.1.20-1 |
| freedesktop | dbus | >= 0 < 1.1.20-1 | 1.1.20-1 |
| freedesktop | dbus | >= 0 < 1.1.20-1 | 1.1.20-1 |
| freedesktop | dbus | >= 1.1.0 < 1.1.20 | 1.1.20 |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd 4.6 MEDIUM AV:L/AC:L/Au:N/C:P/I:P/A:P
osv 4.6 MEDIUM