- Home
- CVEs with nessus.description==From Red Hat Security Advisory 2013:0568 :
Updated dbus-glib packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model.
A flaw was found in the way dbus-glib filtered the message sender (message source subject) when the 'NameOwnerChanged' signal was received. This could trick a system service using dbus-glib (such as fprintd) into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. (CVE-2013-0292)
All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top