ID CVE-2008-4311
Summary The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
References
Vulnerable Configurations
  • cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 08-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 32674
confirm
fedora FEDORA-2008-10907
mlist [dbus] 20081205 [CVE-2008-4311] DBus 1.2.6
secunia
  • 33047
  • 33055
  • 34360
  • 34642
suse
  • SUSE-SA:2009:013
  • SUSE-SR:2009:008
  • SUSE-SR:2009:009
  • openSUSE-SU-2012:1418
vupen ADV-2008-3355
xf dbus-sendreceive-security-bypass(47138)
Last major update 08-08-2017 - 01:32
Published 10-12-2008 - 00:30
Back to Top