CVE-2008-0595
Publication date 29 February 2008
Last updated 24 July 2024
Ubuntu priority
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Status
Package | Ubuntu Release | Status |
---|---|---|
dbus | 8.04 LTS hardy |
Fixed 1.1.20-1ubuntu1
|
7.10 gutsy |
Fixed 1.1.1-3ubuntu4.2
|
|
7.04 feisty |
Fixed 1.0.2-1ubuntu4.2
|
|
6.10 edgy | Ignored end of life | |
6.06 LTS dapper |
Fixed 0.60-6ubuntu8.3
|
Notes
Patch details
Package | Patch details |
---|---|
dbus |