CVE-2013-0292

Summary

CVE	CVE-2013-0292
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2013-03-05 21:38:00 UTC
Updated	2017-08-29 01:33:00 UTC
Description	The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Freedesktop	Dbus-glib	0.72	All	All	All
Application	Freedesktop	Dbus-glib	0.73	All	All	All
Application	Freedesktop	Dbus-glib	0.74	All	All	All
Application	Freedesktop	Dbus-glib	0.76	All	All	All
Application	Freedesktop	Dbus-glib	0.78	All	All	All
Application	Freedesktop	Dbus-glib	0.80	All	All	All
Application	Freedesktop	Dbus-glib	0.82	All	All	All
Application	Freedesktop	Dbus-glib	0.84	All	All	All
Application	Freedesktop	Dbus-glib	0.86	All	All	All
Application	Freedesktop	Dbus-glib	0.88	All	All	All
Application	Freedesktop	Dbus-glib	0.90	All	All	All
Application	Freedesktop	Dbus-glib	0.92	All	All	All
Application	Freedesktop	Dbus-glib	0.94	All	All	All
Application	Freedesktop	Dbus-glib	0.96	All	All	All
Application	Freedesktop	Dbus-glib	0.98	All	All	All
Application	Freedesktop	Dbus-glib	All	All	All	All
Application	Freedesktop	Dbus-glib	0.72	All	All	All
Application	Freedesktop	Dbus-glib	0.73	All	All	All
Application	Freedesktop	Dbus-glib	0.74	All	All	All
Application	Freedesktop	Dbus-glib	0.76	All	All	All
Application	Freedesktop	Dbus-glib	0.78	All	All	All
Application	Freedesktop	Dbus-glib	0.80	All	All	All
Application	Freedesktop	Dbus-glib	0.82	All	All	All
Application	Freedesktop	Dbus-glib	0.84	All	All	All
Application	Freedesktop	Dbus-glib	0.86	All	All	All
Application	Freedesktop	Dbus-glib	0.88	All	All	All
Application	Freedesktop	Dbus-glib	0.90	All	All	All
Application	Freedesktop	Dbus-glib	0.92	All	All	All
Application	Freedesktop	Dbus-glib	0.94	All	All	All
Application	Freedesktop	Dbus-glib	0.96	All	All	All
Application	Freedesktop	Dbus-glib	0.98	All	All	All

References

Reference	Source	Link	Tags
USN-1753-1: DBus-GLib vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Security Advisory SA52375 - Red Hat update for dbus-glib - Secunia	SECUNIA	secunia.com
Security Advisory SA52404 - Ubuntu update for dbus-glib - Secunia	SECUNIA	secunia.com	Vendor Advisory
911658 – (CVE-2013-0292) CVE-2013-0292 dbus-glib: Local privilege escalation due improper filtering of message sender when NameOwnerChanged signal received	MISC	bugzilla.redhat.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
Oracle VM Server for x86 Bulletin - July 2016	CONFIRM	www.oracle.com
dbus/dbus-glib - Glib bindings for D-Bus lightweight IPC mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus-glib)	CONFIRM	cgit.freedesktop.org	Exploit, Patch
Support / Security / Advisories / / MDVSA-2013:071 \| Mandriva	MANDRIVA	www.mandriva.com
dbus-glib pam_fprintd - Local Root Exploit	EXPLOIT-DB	www.exploit-db.com
dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability	BID	www.securityfocus.com
oss-security - CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1	MLIST	www.openwall.com
Security Advisory SA52225 - dbus-glib D-Bus GLib Bindings "NameOwnerChanged" Signal Handling Vulnerability - Secunia	SECUNIA	secunia.com	Vendor Advisory
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView	CONFIRM	kb.juniper.net
Bug 60916 – CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1	CONFIRM	bugs.freedesktop.org
90302	OSVDB	osvdb.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.