dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2008-02-29 19:44
Updated : 2025-04-09 00:30
NVD link : CVE-2008-0595
Mitre link : CVE-2008-0595
CVE.ORG link : CVE-2008-0595
JSON object : View
Products Affected
redhat
- enterprise_linux
fedoraproject
- fedora
freedesktop
- dbus
mandrakesoft
- mandrake_linux
CWE
CWE-863
Incorrect Authorization