CVE-2008-0595

CWE-863 — Incorrect Authorization13 documents8 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 80.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Dbus Fedoraproject Fedora Mandrakesoft Mandrake Linux +1 more

Timeline

PublishedFeb 29

Latest updateMay 1

Description

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶NVDfreedesktop/dbus1.1.0 — 1.1.20+1

▶Debiandbus< 1.1.20-1+3

▶NVDmandrakesoft/mandrake_linux4 versions+3

Also affects: Fedora 7, Enterprise Linux 5, 5.0

Patches

Patch: lists.freedesktop.org ↗Patch: www.securityfocus.com ↗Patch: lists.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-r2x7-p32r-g3vj: dbus-daemon in D-Bus before 1↗2022-05-01

▶

CVEList

CVE-2008-0595: dbus-daemon in D-Bus before 1↗2008-02-29

▶

OSV

CVE-2008-0595: dbus-daemon in D-Bus before 1↗2008-02-29

▶

📋Vendor Advisories

Ubuntu

D-Bus vulnerabilities↗2008-10-14

▶

Red Hat

dbus security policy circumvention↗2008-02-27

▶

Debian

CVE-2008-0595: dbus - dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_inte...↗2008

▶

💬Community

Bugzilla

CVE-2008-3104 Java RE allows Same Origin Policy to be Bypassed (6687932)↗2008-07-09

▶

Bugzilla

CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)↗2008-07-09

▶

Bugzilla

CVE-2008-3113 Java Web Start arbitrary file creation/deletion file with user permissions (6704077)↗2008-07-09

▶

Bugzilla

CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)↗2008-07-09

▶

Bugzilla

CVE-2008-3111 Java Web Start Buffer overflow vulnerabilities (6557220)↗2008-07-09

▶