Privilege Escalation in Dbus-glib Affects Local Users
CVE-2013-0292

Currently unrated

Key Information:

Vendor: Freedesktop
Status: Dbus-glib
Vendor: CVE Published:; 5 March 2013

🔔 Create Freedesktop Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2013-0292?

The dbus_g_proxy_manager_filter function in Dbus-glib versions prior to 0.100.1 lacks proper validation of the sender for NameOwnerChanged signals. This oversight enables local users to exploit the vulnerability by sending spoofed signals, potentially allowing them to elevate their privileges and perform unauthorized actions in the system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-0292 - Proof of Concept

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.exploit-db.com/exploits/33614

exploitx_refsource_EXPLOIT-DB

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 5, 2013
👾
Exploit known to exist
Mar 5, 2013
Vulnerability published
Mar 5, 2013
Vulnerability Reserved
Dec 6, 2012

CVE-2013-0292 Data

JSON