Local Users Vulnerability in D-Bus Configuration Allows Security Bypass
CVE-2008-4311

Currently unrated

Key Information:

Vendor: Freedesktop
Status: Dbus
Vendor: CVE Published:; 10 December 2008

🔔 Create Freedesktop Vulnerability Alert

What is CVE-2008-4311?

The default configuration of system.conf in D-Bus prior to version 1.2.6 lacks the send_type attribute in specific rules, creating a loophole that enables local users to circumvent established access controls. This can result in unauthorized message transmission related to send_requested_reply and potentially unexpected message reception corresponding to receive_requested_reply, leading to heightened security risks.

References

https://bugs.freedesktop.org/show_bug.cgi?id=18229

x_refsource_CONFIRM

http://secunia.com/advisories/33047

third-party-advisoryx_refsource_SECUNIA

http://lists.opensuse.org/opensuse-updates/2012-10/msg000...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 29, 2008