CVE-2010-1172
published 2010-08-20CVE-2010-1172: DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a…
PriorityP49low3.6CVSS 2.0
AVLACLAuNCNIPAP
EPSS
0.40%
31.5th percentile
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dbus-glib | < dbus-glib 0.88-1 (bookworm) | dbus-glib 0.88-1 (bookworm) |
| freedesktop | dbus-glib | — | — |
| freedesktop | dbus-glib | >= 0 < 0.88-1 | 0.88-1 |
| freedesktop | dbus-glib | >= 0 < 0.88-1 | 0.88-1 |
| freedesktop | dbus-glib | >= 0 < 0.88-1 | 0.88-1 |
| freedesktop | dbus-glib | >= 0 < 0.88-1 | 0.88-1 |
CVSS provenance
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:N/I:P/A:P
osv3.6LOW
vendor_debian3.6LOW
vendor_redhat3.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
DBus-GLib vulnerability
vendor_ubuntu·2011-05-26
CVE-2010-1172 DBus-GLib vulnerability
Title: DBus-GLib vulnerability
Summary: An attacker could send crafted input to applications using DBus-GLib and
cause them to crash.
It was discovered that DBus-GLib did not properly verify the access flag of
exported GObject properties under certain circumstances. A local attacker
could exploit this to bypass intended access restrictions or possibly
cause a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
dbus-glib: property access not validated
vendor_redhat·2010-08-10·CVSS 3.6
CVE-2010-1172 [LOW] dbus-glib: property access not validated
dbus-glib: property access not validated
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
Package: dbus-glib (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2010-1172: dbus-glib - DBus-GLib 0.73 disregards the access flag of exported GObject properties, which ...
vendor_debian·2010·CVSS 3.6
CVE-2010-1172 [LOW] CVE-2010-1172: dbus-glib - DBus-GLib 0.73 disregards the access flag of exported GObject properties, which ...
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
Scope: local
bookworm: resolved (fixed in 0.88-1)
bullseye: resolved (fixed in 0.88-1)
forky: resolved (fixed in 0.88-1)
sid: resolved (fixed in 0.88-1)
trixie: resolved (fixed in 0.88-1)
GHSA
GHSA-p9f7-hrqg-ghqv: DBus-GLib 0
ghsa_unreviewed·2022-05-02
CVE-2010-1172 [LOW] GHSA-p9f7-hrqg-ghqv: DBus-GLib 0
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
OSV
CVE-2010-1172: DBus-GLib 0
osv·2010-08-20·CVSS 3.6
CVE-2010-1172 [LOW] CVE-2010-1172: DBus-GLib 0
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
No detection rules found.
http://cgit.freedesktop.org/dbus/dbus-glib/commit/?h=rhel5&id=9a6bce9b615abca6068348c1606ba8eaf13d9ae0http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.htmlhttp://secunia.com/advisories/40908http://secunia.com/advisories/40925http://secunia.com/advisories/42397http://support.avaya.com/css/P8/documents/100113103http://www.redhat.com/support/errata/RHSA-2010-0616.htmlhttp://www.securityfocus.com/bid/42347http://www.vupen.com/english/advisories/2010/2063http://www.vupen.com/english/advisories/2010/3097https://bugzilla.redhat.com/show_bug.cgi?id=585394https://exchange.xforce.ibmcloud.com/vulnerabilities/61041http://cgit.freedesktop.org/dbus/dbus-glib/commit/?h=rhel5&id=9a6bce9b615abca6068348c1606ba8eaf13d9ae0http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.htmlhttp://secunia.com/advisories/40908http://secunia.com/advisories/40925http://secunia.com/advisories/42397http://support.avaya.com/css/P8/documents/100113103http://www.redhat.com/support/errata/RHSA-2010-0616.htmlhttp://www.securityfocus.com/bid/42347http://www.vupen.com/english/advisories/2010/2063http://www.vupen.com/english/advisories/2010/3097https://bugzilla.redhat.com/show_bug.cgi?id=585394https://exchange.xforce.ibmcloud.com/vulnerabilities/61041
2010-08-20
Published