dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
BID:57985
Info
dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
| Bugtraq ID: | 57985 |
| Class: | Access Validation Error |
| CVE: |
CVE-2013-0292 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 15 2013 12:00AM |
| Updated: | Jul 29 2016 12:00AM |
| Credit: | Sebastian Krahmer |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.10 i386 Ubuntu Ubuntu Linux 12.10 amd64 Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server Oracle VM Server for x86 3.4 Oracle VM Server for x86 3.3 Oracle VM Server for x86 3.2 Oracle Enterprise Linux 5 Mandriva Business Server 1 X86 64 Mandriva Business Server 1 freedesktop dbus-glib 0.100 CentOS CentOS 5 Avaya Voice Portal 5.1.3 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP3 Avaya Voice Portal 5.1 SP2 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.1 Avaya Proactive Contact 5.0 Avaya one-X Client Enablement Service 6.1 SP3 Avaya one-X Client Enablement Service 6.1 SP2 Avaya one-X Client Enablement Service 6.1 Sp1 Avaya one-X Client Enablement Service 6.1 Avaya one-X Client Enablement Service 6.0 SP3 Avaya one-X Client Enablement Service 6.0 SP2 Avaya one-X Client Enablement Service 6.0 SP1 Avaya IQ 4.1 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IQ 4.2 Avaya IQ 4.0 Avaya IP Office Server Edition 8.1 Avaya IP Office Server Edition 8.0 Avaya IP Office Application Server 8.1 Avaya IP Office Application Server 8.0 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Platform 6.2.1 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.2 SP1 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.0 Avaya Aura System Manager 6.3 Avaya Aura System Manager 6.2.3 Avaya Aura System Manager 6.2 SP3 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.5 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura Session Manager 6.2.1 Avaya Aura Session Manager 6.1.5 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.0.1 Avaya Aura Session Manager 6.3 Avaya Aura Session Manager 6.2.2 Avaya Aura Session Manager 6.2 SP1 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2.1 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1.1 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Presence Services 6.1 SP1 Avaya Aura Presence Services 6.0 Avaya Aura Experience Portal 6.0.2 Avaya Aura Experience Portal 6.0.1 Avaya Aura Experience Portal 6.0 SP2 Avaya Aura Experience Portal 6.0 SP1 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 7.0 Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Application Server 5300 SIP Core 3.0 PB3 Avaya Aura Application Server 5300 SIP Core 3.0 Avaya Aura Application Server 5300 SIP Core 2.1 Avaya Aura Application Server 5300 SIP Core 2.0 PB28 Avaya Aura Application Server 5300 SIP Core 2.0 PB26 Avaya Aura Application Server 5300 SIP Core 2.0 PB25 Avaya Aura Application Server 5300 SIP Core 2.0 PB23 Avaya Aura Application Server 5300 SIP Core 2.0 PB19 Avaya Aura Application Server 5300 SIP Core 2.0 PB16 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.2 Avaya Aura Application Enablement Services 6.1.2 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.4 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 |
| Not Vulnerable: |
freedesktop dbus-glib 0.100.1 |
Discussion
dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
The dbus-glib is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to gain elevated privileges, which may aid in further attacks.
The dbus-glib is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to gain elevated privileges, which may aid in further attacks.
Exploit / POC
dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
References:
References:
- CVE-2013-0292 dbus-glib: Local privilege escalation due improper filtering of m (Red Hat)
- CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0 (oss-sec)
- CVE-2013-0292: dbus-gproxy: Verify sender of NameOwnerChanged signals to be o.f. (freedesktop.org)
- dbus-glib Homepage (freedesktop.org)
- dbus-glib security update (RHSA-2013-0568) (Avaya Inc)
- Oracle VM Server for x86 Bulletin - July 2016 (Oracle)