D-Bus Security Flaw in Tizen's Enlightenment System Service
CVE-2018-16266

8.1HIGH

Key Information:

Vendor

Linux
Status
Tizen
Vendor
CVE Published:
22 January 2020

What is CVE-2018-16266?

The Enlightenment system service in Tizen has a security vulnerability that allows an unprivileged process to gain control over or capture windows. This issue arises due to improper configurations in the D-Bus security policy and affects Tizen versions prior to 5.0 M1, including Tizen-based firmware for the Samsung Galaxy Gear series before build RE2. Exploiting this vulnerability may enable unauthorized access and system manipulation, posing significant risks to user privacy and security.

References

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20...
x_refsource_MISC
https://review.tizen.org/git/?p=platform/upstream/enlight...
x_refsource_MISC
https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.