CVE-2013-0292
Published: 15 February 2013
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
Notes
Author | Note |
---|---|
seth-arnold | local privilege escalation demonstrated with pam_fprintd dbus-glib is deprecated |
Priority
Status
Package | Release | Status |
---|---|---|
dbus-glib Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(0.84-1ubuntu0.3)
|
|
oneiric |
Released
(0.94-4ubuntu0.1)
|
|
precise |
Released
(0.98-1ubuntu1.1)
|
|
quantal |
Released
(0.100-1ubuntu0.1)
|
|
upstream |
Released
(0.100.1-1)
|
|
Patches: upstream: http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca vendor: https://rhn.redhat.com/errata/RHSA-2013-0568.html |