Back to search
CVE-2008-4311
Published: Dec 10, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugs.freedesktop.org/show_bug.cgi?id=18229
x_refsource_CONFIRM
33047
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2012:1418
vendor-advisory
x_refsource_SUSE
dbus-sendreceive-security-bypass(47138)
vdb-entry
x_refsource_XF
34642
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=474895
x_refsource_CONFIRM
ADV-2008-3355
vdb-entry
x_refsource_VUPEN
SUSE-SR:2009:008
vendor-advisory
x_refsource_SUSE
FEDORA-2008-10907
vendor-advisory
x_refsource_FEDORA
33055
third-party-advisory
x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532
x_refsource_CONFIRM
http://forums.fedoraforum.org/showthread.php?t=206797
x_refsource_CONFIRM
34360
third-party-advisory
x_refsource_SECUNIA
[dbus] 20081205 [CVE-2008-4311] DBus 1.2.6
mailing-list
x_refsource_MLIST
SUSE-SR:2009:009
vendor-advisory
x_refsource_SUSE
32674
vdb-entry
x_refsource_BID
SUSE-SA:2009:013
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now