Vulnerability Details : CVE-2013-0292
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
Vulnerability category: Input validation
Products affected by CVE-2013-0292
- cpe:2.3:a:freedesktop:dbus-glib:*:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.73:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.98:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.84:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.76:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.74:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.88:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus-glib:0.78:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0292
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~8% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-0292
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2013-0292
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0292
- http://www.exploit-db.com/exploits/33614
  dbus-glib pam_fprintd - Local Privilege Escalation - Linux local Exploit
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
- http://www.securityfocus.com/bid/57985
  dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82135
  dbus-glib message sender privilege escalation CVE-2013-0292 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2013/02/15/10
  oss-security - CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1
- http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca
  dbus/dbus-glib - Glib bindings for D-Bus lightweight IPC mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus-glib) - Exploit; Patch
- http://www.ubuntu.com/usn/USN-1753-1
  USN-1753-1: DBus-GLib vulnerability | Ubuntu security notices
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658
  911658 – (CVE-2013-0292) CVE-2013-0292 dbus-glib: Local privilege escalation due improper filtering of message sender when NameOwnerChanged signal received
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:071
  mandriva.com
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016
- https://bugs.freedesktop.org/show_bug.cgi?id=60916
  60916 – (CVE-2013-0292) CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1
- http://rhn.redhat.com/errata/RHSA-2013-0568.html
  RHSA-2013:0568 - Security Advisory - Red Hat Customer Portal