CVE-2008-0595

2008-02-2919:44:00

CWE-863

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

5.3

Confidence

High

EPSS

Percentile

12.7%

JSON

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Affected configurations

Nvd

Node

fedoraprojectfedoraMatch7

mandrakesoftmandrake_linuxMatch2007

mandrakesoftmandrake_linuxMatch2007.0_x86_64

mandrakesoftmandrake_linuxMatch2007.1

mandrakesoftmandrake_linuxMatch2007.1x86_64

mandrakesoftmandrake_linuxMatch2008.0

mandrakesoftmandrake_linuxMatch2008.0x86_64

redhatenterprise_linuxMatch5client_workstation

redhatenterprise_linuxMatch5.0

Node

freedesktopdbusRange<1.0.3

freedesktopdbusRange1.1.0–1.1.20

VendorProductVersionCPE
fedoraprojectfedora7cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
mandrakesoftmandrake_linux2007cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
mandrakesoftmandrake_linux2007.0_x86_64cpe:2.3:o:mandrakesoft:mandrake_linux:2007.0_x86_64:*:*:*:*:*:*:*
mandrakesoftmandrake_linux2007.1cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
mandrakesoftmandrake_linux2007.1cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*
mandrakesoftmandrake_linux2008.0cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
mandrakesoftmandrake_linux2008.0cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*
redhatenterprise_linux5cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
redhatenterprise_linux5.0cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
freedesktopdbus*cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fedoraproject	fedora	7	cpe:2.3:o:fedoraproject:fedora:7:::::::*
mandrakesoft	mandrake_linux	2007	cpe:2.3:o:mandrakesoft:mandrake_linux:2007:::::::*
mandrakesoft	mandrake_linux	2007.0_x86_64	cpe:2.3:o:mandrakesoft:mandrake_linux:2007.0_x86_64:::::::*
mandrakesoft	mandrake_linux	2007.1	cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:::::::*
mandrakesoft	mandrake_linux	2007.1	cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1::x86_64:::::
mandrakesoft	mandrake_linux	2008.0	cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:::::::*
mandrakesoft	mandrake_linux	2008.0	cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0::x86_64:::::
redhat	enterprise_linux	5	cpe:2.3:o:redhat:enterprise_linux:5::client_workstation:::::
redhat	enterprise_linux	5.0	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
freedesktop	dbus	*	cpe:2.3:a:freedesktop:dbus::::::::