Vulnerability Details : CVE-2008-0595
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Exploit prediction scoring system (EPSS) score for CVE-2008-0595
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-0595
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2008-0595
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0595
-
http://www.debian.org/security/2008/dsa-1599
[SECURITY] [DSA 1599-1] New dbus packages fix privilege escalationThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
[security-announce] SUSE Security Summary Report SUSE-SR:2008:006 - openSUSE Security Announce - openSUSE Mailing ListsThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-0159.html
SupportThird Party Advisory
-
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html
[ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20Patch;Third Party Advisory
-
http://secunia.com/advisories/29323
About Secunia Research | FlexeraBroken Link
-
http://www.securityfocus.com/bid/28023
Patch;Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/29160
About Secunia Research | FlexeraBroken Link
-
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
openSUSE-SU-2012:1418-1: moderate: update for dbus-1, dbus-1-x11Third Party Advisory
-
http://secunia.com/advisories/29173
About Secunia Research | FlexeraBroken Link
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:054
MandrivaBroken Link
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html
[SECURITY] Fedora 7 Update: dbus-1.0.2-7.fc7Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353
404 Not FoundBroken Link
-
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099
Third Party Advisory
-
http://www.securityfocus.com/archive/1/489280/100/0/threaded
Broken Link;Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/32281
About Secunia Research | FlexeraBroken Link
-
http://securitytracker.com/id?1019512
GoDaddy Domain Name SearchThird Party Advisory;VDB Entry
-
http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/
J5 LiveThird Party Advisory
-
http://www.ubuntu.com/usn/usn-653-1
USN-653-1: D-Bus vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html
[SECURITY] Fedora 8 Update: dbus-1.1.2-9.fc8Third Party Advisory
-
https://issues.rpath.com/browse/RPL-2282
Third Party Advisory
-
http://www.vupen.com/english/advisories/2008/0694
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
-
http://secunia.com/advisories/30869
About Secunia Research | FlexeraBroken Link
-
http://secunia.com/advisories/29171
About Secunia Research | FlexeraBroken Link
-
http://wiki.rpath.com/Advisories:rPSA-2008-0099
Third Party Advisory
-
http://secunia.com/advisories/29281
About Secunia Research | FlexeraBroken Link
-
http://secunia.com/advisories/29148
About Secunia Research | FlexeraBroken Link
Products affected by CVE-2008-0595
- cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2007.0_x86_64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*