4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.6%
D-Bus is a system for sending messages between applications. It is used
both for the system-wide message bus service, and as a
per-user-login-session messaging facility.
Havoc Pennington discovered a flaw in the way the dbus-daemon applies its
security policy. A user with the ability to connect to the dbus-daemon may
be able to execute certain method calls they should normally not have
permission to access. (CVE-2008-0595)
Red Hat does not ship any applications in Red Hat Enterprise Linux 5 that
would allow a user to leverage this flaw to elevate their privileges.
This flaw does not affect the version of D-Bus shipped in Red Hat
Enterprise Linux 4.
All users are advised to upgrade to these updated dbus packages, which
contain a backported patch and are not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | ppc64 | dbus-devel | <ย 1.0.0-6.3.el5_1 | dbus-devel-1.0.0-6.3.el5_1.ppc64.rpm |
RedHat | 5 | s390x | dbus-x11 | <ย 1.0.0-6.3.el5_1 | dbus-x11-1.0.0-6.3.el5_1.s390x.rpm |
RedHat | 5 | s390x | dbus | <ย 1.0.0-6.3.el5_1 | dbus-1.0.0-6.3.el5_1.s390x.rpm |
RedHat | 5 | x86_64 | dbus-devel | <ย 1.0.0-6.3.el5_1 | dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm |
RedHat | 5 | i386 | dbus-x11 | <ย 1.0.0-6.3.el5_1 | dbus-x11-1.0.0-6.3.el5_1.i386.rpm |
RedHat | 5 | ia64 | dbus-x11 | <ย 1.0.0-6.3.el5_1 | dbus-x11-1.0.0-6.3.el5_1.ia64.rpm |
RedHat | 5 | ppc | dbus | <ย 1.0.0-6.3.el5_1 | dbus-1.0.0-6.3.el5_1.ppc.rpm |
RedHat | 5 | i386 | dbus | <ย 1.0.0-6.3.el5_1 | dbus-1.0.0-6.3.el5_1.i386.rpm |
RedHat | 5 | ia64 | dbus | <ย 1.0.0-6.3.el5_1 | dbus-1.0.0-6.3.el5_1.ia64.rpm |
RedHat | 5 | x86_64 | dbus-x11 | <ย 1.0.0-6.3.el5_1 | dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm |