7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
dbus is vulnerable to authentication bypass. A mishandling of the reference implementation of the DBUS_COOKIE_SHA
allows an attacker with write access to its own home directory to spoof the cookie by manipulating a ~/.dbus-keyrings
symlink which causes the DBusServer with a different uid to read and write in unintended locations.
lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html
lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html
lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html
www.openwall.com/lists/oss-security/2019/06/11/2
www.securityfocus.com/bid/108751
access.redhat.com/errata/RHSA-2019:1726
access.redhat.com/errata/RHSA-2019:2868
access.redhat.com/errata/RHSA-2019:2870
access.redhat.com/errata/RHSA-2019:3707
access.redhat.com/security/updates/classification/#important
lists.debian.org/debian-lts-announce/2019/06/msg00005.html
lists.fedoraproject.org/archives/list/[email protected]/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/
seclists.org/bugtraq/2019/Jun/16
security.gentoo.org/glsa/201909-08
usn.ubuntu.com/4015-1/
usn.ubuntu.com/4015-2/
www.debian.org/security/2019/dsa-4462
www.openwall.com/lists/oss-security/2019/06/11/2
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N