CVE-2013-0292: Input Validation
First published: Mon Mar 04 2013(Updated: )
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS D-Bus GLib | <=0.100 | |
| CentOS D-Bus GLib | =0.72 | |
| CentOS D-Bus GLib | =0.73 | |
| CentOS D-Bus GLib | =0.74 | |
| CentOS D-Bus GLib | =0.76 | |
| CentOS D-Bus GLib | =0.78 | |
| CentOS D-Bus GLib | =0.80 | |
| CentOS D-Bus GLib | =0.82 | |
| CentOS D-Bus GLib | =0.84 | |
| CentOS D-Bus GLib | =0.86 | |
| CentOS D-Bus GLib | =0.88 | |
| CentOS D-Bus GLib | =0.90 | |
| CentOS D-Bus GLib | =0.92 | |
| CentOS D-Bus GLib | =0.94 | |
| CentOS D-Bus GLib | =0.96 | |
| CentOS D-Bus GLib | =0.98 |
Remedy
http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658
- http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://osvdb.org/90302
- http://rhn.redhat.com/errata/RHSA-2013-0568.html
- http://secunia.com/advisories/52225
- http://secunia.com/advisories/52375
- http://secunia.com/advisories/52404
- http://www.exploit-db.com/exploits/33614
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:071
- http://www.openwall.com/lists/oss-security/2013/02/15/10
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/57985
- http://www.ubuntu.com/usn/USN-1753-1
- https://bugs.freedesktop.org/show_bug.cgi?id=60916
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82135
Frequently Asked Questions
What is the severity of CVE-2013-0292?
CVE-2013-0292 has a medium severity level due to its potential to allow local users to gain privileges.
How do I fix CVE-2013-0292?
To fix CVE-2013-0292, you should update to dbus-glib version 0.100.1 or later.
What causes CVE-2013-0292?
CVE-2013-0292 is caused by the dbus_g_proxy_manager_filter function not properly verifying the sender of NameOwnerChanged signals.
Which versions of dbus-glib are affected by CVE-2013-0292?
CVE-2013-0292 affects all versions of dbus-glib before 0.100.1.
Does CVE-2013-0292 affect remote users as well?
No, CVE-2013-0292 specifically impacts local users who can spoof signals.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freedesktop
- canonical/centos d-bus glib
- version/centos d-bus glib/0.100
- version/centos d-bus glib/0.72
- version/centos d-bus glib/0.73
- version/centos d-bus glib/0.74
- version/centos d-bus glib/0.76
- version/centos d-bus glib/0.78
- version/centos d-bus glib/0.80
- version/centos d-bus glib/0.82
- version/centos d-bus glib/0.84
- version/centos d-bus glib/0.86
- version/centos d-bus glib/0.88
- version/centos d-bus glib/0.90
- version/centos d-bus glib/0.92
- version/centos d-bus glib/0.94
- version/centos d-bus glib/0.96
- version/centos d-bus glib/0.98