Lucene search

K

Veracode Vulnerability DatabaseVERACODE:20789

HistoryJul 15, 2019 - 12:07 a.m.

Authentication Bypass

2019-07-1500:07:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

dbus is vulnerable to authentication bypass. A mishandling of the reference implementation of the DBUS_COOKIE_SHA allows an attacker with write access to its own home directory to spoof the cookie by manipulating a ~/.dbus-keyrings symlink which causes the DBusServer with a different uid to read and write in unintended locations.

CPENameOperatorVersion
dbuseq1.2.24__5.el6_1
dbuseq1.2.24__7.el6_3
dbuseq1.12.8__7.el8
dbuseq1.2.24__3.el6
dbuseq1.2.24__8.el6_6
dbuseq1.10.24__12.el7
dbuseq1.10.24__13.el7_6
dbuseq1.2.24__9.el6
dbuseq1.10.24__14.el7_8
dbuseq1.2.24__4.el6_0

Rows per page:

1-10 of 221

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html

lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html

www.openwall.com/lists/oss-security/2019/06/11/2

www.securityfocus.com/bid/108751

access.redhat.com/errata/RHSA-2019:1726

access.redhat.com/errata/RHSA-2019:2868

access.redhat.com/errata/RHSA-2019:2870

access.redhat.com/errata/RHSA-2019:3707

access.redhat.com/security/updates/classification/#important

lists.debian.org/debian-lts-announce/2019/06/msg00005.html

lists.fedoraproject.org/archives/list/[email protected]/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/

seclists.org/bugtraq/2019/Jun/16

security.gentoo.org/glsa/201909-08

usn.ubuntu.com/4015-1/

usn.ubuntu.com/4015-2/

www.debian.org/security/2019/dsa-4462

www.openwall.com/lists/oss-security/2019/06/11/2

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

Related for VERACODE:20789

fedora1 nessus46 prion1 redhatcve1 osv3 redhat12 openvas22 ubuntu2 suse3 oraclelinux3 ibm6 alpinelinux1 centos2 cbl_mariner2 ubuntucve1 amazon2 f51 mageia1 gentoo1 cloudfoundry1 debian3 archlinux1 cve1 debiancve1 photon4