Privilege Escalation in Dbus-glib Affects Local Users
CVE-2013-0292

Currently unrated

Key Information:

Vendor: Freedesktop
Status: Dbus-glib
Vendor: CVE Published:; 5 March 2013

🔔 Create Freedesktop Vulnerability Alert

What is CVE-2013-0292?

The dbus_g_proxy_manager_filter function in Dbus-glib versions prior to 0.100.1 lacks proper validation of the sender for NameOwnerChanged signals. This oversight enables local users to exploit the vulnerability by sending spoofed signals, potentially allowing them to elevate their privileges and perform unauthorized actions in the system.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.exploit-db.com/exploits/33614

exploitx_refsource_EXPLOIT-DB

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2013
Vulnerability Reserved
Dec 6, 2012