
CVE-2008-0595

Published: 29 February 2008

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Priority

Medium

Status

Package: dbus (Launchpad, Ubuntu, Debian)

Release   Status
dapper    Released (0.60-6ubuntu8.3)
edgy      Ignored (edgy EOL)
feisty    Released (1.0.2-1ubuntu4.2)
gutsy     Released (1.1.1-3ubuntu4.2)
hardy     Released (1.1.20-1ubuntu1)
upstream  Needs triage