CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.0004 Low (Percentile: 12.1%)
CentOS Errata and Security Advisory CESA-2008:0159
D-Bus is a system for sending messages between applications. It is used
both for the system-wide message bus service, and as a
per-user-login-session messaging facility.

Havoc Pennington discovered a flaw in the way the dbus-daemon applies its
security policy. A user with the ability to connect to the dbus-daemon may
be able to execute certain method calls they should normally not have
permission to access. (CVE-2008-0595)

Red Hat does not ship any applications in Red Hat Enterprise Linux 5 that
would allow a user to leverage this flaw to elevate their privileges.

This flaw does not affect the version of D-Bus shipped in Red Hat
Enterprise Linux 4.

All users are advised to upgrade to these updated dbus packages, which
contain a backported patch and are not vulnerable to this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-March/076898.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076899.html
Affected packages:
dbus
dbus-devel
dbus-x11
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0159
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | dbus | < 1.0.0-6.3.el5_1 | dbus-1.0.0-6.3.el5_1.i386.rpm |
CentOS | 5 | i386 | dbus-devel | < 1.0.0-6.3.el5_1 | dbus-devel-1.0.0-6.3.el5_1.i386.rpm |
CentOS | 5 | i386 | dbus-x11 | < 1.0.0-6.3.el5_1 | dbus-x11-1.0.0-6.3.el5_1.i386.rpm |
CentOS | 5 | x86_64 | dbus | < 1.0.0-6.3.el5_1 | dbus-1.0.0-6.3.el5_1.x86_64.rpm |
CentOS | 5 | x86_64 | dbus-devel | < 1.0.0-6.3.el5_1 | dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm |
CentOS | 5 | x86_64 | dbus-x11 | < 1.0.0-6.3.el5_1 | dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm |
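
One way to check a package inventory against the fixed version in the table above; this is an added example, not part of the advisory. It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'` on CentOS 5, packages without an epoch, and a simplified RPM version comparison; the function names and the sample inventory are constructed.

```python
import re

FIXED = "1.0.0-6.3.el5_1"                      # fixed version-release from the advisory table
AFFECTED = {"dbus", "dbus-devel", "dbus-x11"}  # affected packages listed in the advisory

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (assumption: no '~' or '^' in the strings)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def find_unpatched(lines):
    """Return (name, version-release, arch) for affected packages older than FIXED."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in AFFECTED:
            continue                           # malformed line or package not in the advisory
        if evr_cmp(parts[1], FIXED) < 0:
            hits.append(tuple(parts))
    return hits

# Constructed sample inventory (not real host data).
SAMPLE = [
    "dbus 1.0.0-6.el5 i386",
    "dbus-devel 1.0.0-6.3.el5_1 i386",
    "dbus-x11 1.0.0-6.el5 x86_64",
    "dbus 1.0.0-7.el5 x86_64",
    "dbus-glib 0.70-5 i386",
]

if __name__ == "__main__":
    for name, evr, arch in find_unpatched(SAMPLE):
        print(f"UNPATCHED {name}-{evr}.{arch} (fixed in {FIXED})")
```
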