CVE-2008-0595
29.02.2008, 19:44
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.Enginsight
Vendor | Product | Version |
---|---|---|
mandrakesoft | mandrake_linux | 2007.0_x86_64 |
mandrakesoft | mandrake_linux | 2007.1 |
mandrakesoft | mandrake_linux | 2007.1 |
mandrakesoft | mandrake_linux | 2008.0 |
mandrakesoft | mandrake_linux | 2008.0 |
redhat | enterprise_linux | 5.0 |
freedesktop | dbus | 𝑥 < 1.0.3 |
freedesktop | dbus | 1.1.0 ≤ 𝑥 < 1.1.20 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References