CVE-2008-0595

Summary

CVE	CVE-2008-0595
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-02-29 19:44:00 UTC
Updated	2024-02-01 02:08:00 UTC
Description	dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Risk And Classification

Problem Types: CWE-863

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	D-bus	Inter-process Communication System	0.13	All	All	All
Operating System	D-bus	Inter-process Communication System	0.20	All	All	All
Operating System	D-bus	Inter-process Communication System	0.21	All	All	All
Operating System	D-bus	Inter-process Communication System	0.22	All	All	All
Operating System	D-bus	Inter-process Communication System	0.23	All	All	All
Operating System	D-bus	Inter-process Communication System	1.0	All	All	All
Operating System	D-bus	Inter-process Communication System	1.0.1	All	All	All
Operating System	D-bus	Inter-process Communication System	1.0.2	All	All	All
Operating System	D-bus	Inter-process Communication System	1.1.4	All	All	All
Operating System	D-bus	Inter-process Communication System	0.13	All	All	All
Operating System	D-bus	Inter-process Communication System	0.20	All	All	All
Operating System	D-bus	Inter-process Communication System	0.21	All	All	All
Operating System	D-bus	Inter-process Communication System	0.22	All	All	All
Operating System	D-bus	Inter-process Communication System	0.23	All	All	All
Operating System	D-bus	Inter-process Communication System	1.0	All	All	All
Operating System	D-bus	Inter-process Communication System	1.0.1	All	All	All
Operating System	D-bus	Inter-process Communication System	1.0.2	All	All	All
Operating System	D-bus	Inter-process Communication System	1.1.4	All	All	All
Operating System	Fedoraproject	Fedora	7	All	All	All
Application	Freedesktop	Dbus	All	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007.0_x86_64	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	x86-64	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux	2008.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2008.0	All	x86-64	All
Operating System	Mandrakesoft	Mandrake Linux	2008.0	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux	2007	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007.0_x86_64	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	x86-64	All
Operating System	Mandrakesoft	Mandrake Linux	2008.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2008.0	All	x86-64	All
Operating System	Redhat	Enterprise Linux	5	All	client_workstation	All
Operating System	Redhat	Enterprise Linux	5.0	All	All	All
Operating System	Redhat	Fedora	7	All	All	All
Operating System	Redhat	Fedora	7	All	All	All
Operating System	Red Hat	Enterprise Linux	5	All	server	All
Operating System	Red Hat	Enterprise Linux	5	All	server	All
Operating System	Red Hat	Enterprise Linux Desktop	5	All	client	All
Operating System	Red Hat	Enterprise Linux Desktop	5	All	client	All
Operating System	Red Hat	Enterprise Linux Desktop Workstation	5	All	client	All
Operating System	Red Hat	Enterprise Linux Desktop Workstation	5	All	client	All

References

Reference	Source	Link	Tags
issues.rpath.com/browse/RPL-2282	CONFIRM	issues.rpath.com
Advisories:rPSA-2008-0099 - rPath Wiki	CONFIRM	wiki.rpath.com
J5’s Blog » [ANNOUNCE] D-Bus 1.1.20 “Coniston Water” Released	CONFIRM	www.j5live.com
openSUSE-SU-2012:1418-1: moderate: update for dbus-1, dbus-1-x11	SUSE	lists.opensuse.org
Debian -- Security Information -- DSA-1599-1 dbus	DEBIAN	www.debian.org
SUSE Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
rPath update for dbus - Advisories - Secunia	SECUNIA	secunia.com
Advisories:rPSA-2008-0099 - rPath Wiki	CONFIRM	wiki.rpath.com
Fedora update for dbus - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Red Hat update for dbus - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
[SECURITY] Fedora 7 Update: dbus-1.0.2-7.fc7	FEDORA	www.redhat.com
[SECURITY] Fedora 8 Update: dbus-1.1.2-9.fc8	FEDORA	www.redhat.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
D-Bus Policy Flaw Lets Remote Users Execute Restricted Method Calls - SecurityTracker	SECTRACK	securitytracker.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:006	SUSE	lists.opensuse.org
Mandriva update for dbus - Advisories - Secunia	SECUNIA	secunia.com
[ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20	MLIST	lists.freedesktop.org	Patch
Ubuntu update for dbus - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
USN-653-1: D-Bus vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
Debian update for dbus - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
D-Bus "send_interface" Security Policy Bypass - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
D-Bus 'send_interface' Attribute Security Policy Bypass Vulnerability	BID	www.securityfocus.com	Patch
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.