First published: Fri Feb 29 2008(Updated: )
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mandrakesoft Mandrake Linux | =2008.0 | |
Mandrakesoft Mandrake Linux | =2007.1 | |
Mandrakesoft Mandrake Linux | =2007 | |
Mandrakesoft Mandrake Linux | =2007.1 | |
Redhat Enterprise Linux | =5.0 | |
Mandrakesoft Mandrake Linux | =2008.0 | |
Mandrakesoft Mandrake Linux | =2007.0_x86_64 | |
Redhat Enterprise Linux | =5 | |
Fedoraproject Fedora | =7 | |
Freedesktop Dbus | >=1.1.0<1.1.20 | |
Freedesktop Dbus | <1.0.3 | |
Mandrakesoft Mandrake Linux | =2007.1 | |
Mandrakesoft Mandrake Linux | =2008.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.