CVE-2013-0292

2013-03-0521:38:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-0292

dbus-glib

dbus

local privilege escalation

spoofed signal

security vulnerability

6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

CPENameOperatorVersion
freedesktop:dbus-glibfreedesktop dbus-glibeq0.80
freedesktop:dbus-glibfreedesktop dbus-glible0.100
freedesktop:dbus-glibfreedesktop dbus-glibeq0.86
freedesktop:dbus-glibfreedesktop dbus-glibeq0.96
freedesktop:dbus-glibfreedesktop dbus-glibeq0.78
freedesktop:dbus-glibfreedesktop dbus-glibeq0.92
freedesktop:dbus-glibfreedesktop dbus-glibeq0.82
freedesktop:dbus-glibfreedesktop dbus-glibeq0.94
freedesktop:dbus-glibfreedesktop dbus-glibeq0.73
freedesktop:dbus-glibfreedesktop dbus-glibeq0.98

CPE	Name	Operator	Version
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.80
freedesktop:dbus-glib	freedesktop dbus-glib	le	0.100
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.86
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.96
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.78
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.92
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.82
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.94
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.73
freedesktop:dbus-glib	freedesktop dbus-glib	eq	0.98