local privilege escalation in dbus-1, hal, NetworkManager, PackageKit, ...

2009-03-1717:12:10

lists.opensuse.org

0.0004 Low

EPSS

Percentile

8.6%

JSON

Joachim Breitner discovered that the default DBus system policy was too permissive. In fact the default policy was to allow all calls on the bus. Many services expected that the default was to deny everything and therefore only installed rules that explicitly allow certain calls with the result that intended access control for some services was not applied. The updated DBus package now installs a new policy that denies access by default. Unfortunately some DBus services actually relied on the insecure default setting and break with the new policy. Therefore quite a number of packages is affected by this DBus update. The updated DBus daemon now logs access violations via syslog. If you see log entries about rejected messages of type “method_call” during normal operation the application that caused it likely needs an updated DBus policy. Please contact the application vendor in this case.

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server10.2ia64dbus-1-python< 0.60-33.25dbus-1-python-0.60-33.25.ia64.rpm
openSUSE11.0ppcdbus-1-debugsource< 1.2.1-15.4dbus-1-debugsource-1.2.1-15.4.ppc.rpm
openSUSE11.1ppcbluez-debuginfo< 4.22-6.1.1bluez-debuginfo-4.22-6.1.1.ppc.rpm
SUSE Linux Enterprise Server10.2ppchal-debuginfo< 0.5.6-33.41hal-debuginfo-0.5.6-33.41.ppc.rpm
openSUSE11.1x86_64packagekit-devel< 0.3.11-1.13.1PackageKit-devel-0.3.11-1.13.1.x86_64.rpm
openSUSE11.0x86_64dbus-1-qt3< 0.62-179.1dbus-1-qt3-0.62-179.1.x86_64.rpm
openSUSE11.1ppcpolicykit-debugsource< 0.9-13.17.1PolicyKit-debugsource-0.9-13.17.1.ppc.rpm
openSUSE10.3ppcdbus-1< 1.0.2-59.8dbus-1-1.0.2-59.8.ppc.rpm
openSUSE11.0x86_64packagekit-debugsource< 0.2.1-15.10PackageKit-debugsource-0.2.1-15.10.x86_64.rpm
openSUSE11.1i586hal-devel< 0.5.12-10.13.1hal-devel-0.5.12-10.13.1.i586.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server	10.2	ia64	dbus-1-python	< 0.60-33.25	dbus-1-python-0.60-33.25.ia64.rpm
openSUSE	11.0	ppc	dbus-1-debugsource	< 1.2.1-15.4	dbus-1-debugsource-1.2.1-15.4.ppc.rpm
openSUSE	11.1	ppc	bluez-debuginfo	< 4.22-6.1.1	bluez-debuginfo-4.22-6.1.1.ppc.rpm
SUSE Linux Enterprise Server	10.2	ppc	hal-debuginfo	< 0.5.6-33.41	hal-debuginfo-0.5.6-33.41.ppc.rpm
openSUSE	11.1	x86_64	packagekit-devel	< 0.3.11-1.13.1	PackageKit-devel-0.3.11-1.13.1.x86_64.rpm
openSUSE	11.0	x86_64	dbus-1-qt3	< 0.62-179.1	dbus-1-qt3-0.62-179.1.x86_64.rpm
openSUSE	11.1	ppc	policykit-debugsource	< 0.9-13.17.1	PolicyKit-debugsource-0.9-13.17.1.ppc.rpm
openSUSE	10.3	ppc	dbus-1	< 1.0.2-59.8	dbus-1-1.0.2-59.8.ppc.rpm
openSUSE	11.0	x86_64	packagekit-debugsource	< 0.2.1-15.10	PackageKit-debugsource-0.2.1-15.10.x86_64.rpm
openSUSE	11.1	i586	hal-devel	< 0.5.12-10.13.1	hal-devel-0.5.12-10.13.1.i586.rpm