CVE-2008-0595 Detail

CVE-2008-0595

CVE Descriptions

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-863	Incorrect Authorization The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	4.6		AV:L/AC:L/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Fedoraproject>>Fedora >> Version 7

Fedoraproject>>Fedora >> Version 7 (Open CPE detail)

Mandrakesoft>>Mandrake_linux >> Version 2007

Mandrakesoft>>Mandrake_linux >> Version 2007 (Open CPE detail)

Mandrakesoft>>Mandrake_linux >> Version 2007.0_x86_64

Mandrakesoft>>Mandrake_linux >> Version 2007.0_x86_64 (Open CPE detail)

Mandrakesoft>>Mandrake_linux >> Version 2007.1

Mandrakesoft>>Mandrake_linux >> Version 2007.1 (Open CPE detail)
Mandrakesoft>>Mandrake_linux >> Version 2007.1 (Open CPE detail)

Mandrakesoft>>Mandrake_linux >> Version 2007.1

Mandrakesoft>>Mandrake_linux >> Version 2007.1 (Open CPE detail)

Mandrakesoft>>Mandrake_linux >> Version 2008.0

Mandrakesoft>>Mandrake_linux >> Version 2008.0 (Open CPE detail)
Mandrakesoft>>Mandrake_linux >> Version 2008.0 (Open CPE detail)
Mandrakesoft>>Mandrake_linux >> Version 2008.0 (Open CPE detail)

Mandrakesoft>>Mandrake_linux >> Version 2008.0

Mandrakesoft>>Mandrake_linux >> Version 2008.0 (Open CPE detail)

Redhat>>Enterprise_linux >> Version 5

Redhat>>Enterprise_linux >> Version 5 (Open CPE detail)
Redhat>>Enterprise_linux >> Version 5 (Open CPE detail)
Redhat>>Enterprise_linux >> Version 5 (Open CPE detail)

Redhat>>Enterprise_linux >> Version 5.0

Redhat>>Enterprise_linux >> Version 5.0 (Open CPE detail)
Redhat>>Enterprise_linux >> Version 5.0 (Open CPE detail)
Redhat>>Enterprise_linux >> Version 5.0 (Open CPE detail)
Redhat>>Enterprise_linux >> Version 5.0 (Open CPE detail)

Configuraton 0

Freedesktop>>Dbus >> Version To (excluding) 1.0.3

Freedesktop>>Dbus >> Version 0.1 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.2 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.3 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.4 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.5 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.6 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.7 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.8 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.9 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.10 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.11 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.12 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.13 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.20 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.21 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.22 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.23 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.23.1 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.23.2 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.23.3 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.23.4 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.31 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.32.0 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.33.0 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.35.0 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.35.1 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.35.2 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.36.0 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.36.1 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.36.2 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.50 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.60 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.61 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.62 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.90 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.91 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.92 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.93 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.94 (Open CPE detail)
Freedesktop>>Dbus >> Version 0.95 (Open CPE detail)
Freedesktop>>Dbus >> Version 1.0.0 (Open CPE detail)
Freedesktop>>Dbus >> Version 1.0.1 (Open CPE detail)
Freedesktop>>Dbus >> Version 1.0.2 (Open CPE detail)

Freedesktop>>Dbus >> Version From (including) 1.1.0 To (excluding) 1.1.20

Freedesktop>>Dbus >> Version 1.1.0 (Open CPE detail)
Freedesktop>>Dbus >> Version 1.1.1 (Open CPE detail)
Freedesktop>>Dbus >> Version 1.1.2 (Open CPE detail)
Freedesktop>>Dbus >> Version 1.1.3 (Open CPE detail)
Freedesktop>>Dbus >> Version 1.1.4 (Open CPE detail)

References

http://secunia.com/advisories/29281
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/0694
Tags : vdb-entry, x_refsource_VUPEN

http://www.redhat.com/support/errata/RHSA-2008-0159.html
Tags : vendor-advisory, x_refsource_REDHAT

http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
Tags : vendor-advisory, x_refsource_SUSE

http://lists.freedesktop.org/archives/dbus/2008-February/009401.html
Tags : mailing-list, x_refsource_MLIST

http://secunia.com/advisories/29160
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/29148
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/
Tags : x_refsource_CONFIRM

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html
Tags : vendor-advisory, x_refsource_FEDORA

http://secunia.com/advisories/29173
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.mandriva.com/security/advisories?name=MDVSA-2008:054
Tags : vendor-advisory, x_refsource_MANDRIVA

http://secunia.com/advisories/29171
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securityfocus.com/archive/1/489280/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099
Tags : x_refsource_CONFIRM

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353
Tags : vdb-entry, signature, x_refsource_OVAL

http://securitytracker.com/id?1019512
Tags : vdb-entry, x_refsource_SECTRACK

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
Tags : vendor-advisory, x_refsource_SUSE

http://secunia.com/advisories/32281
Tags : third-party-advisory, x_refsource_SECUNIA

http://wiki.rpath.com/Advisories:rPSA-2008-0099
Tags : x_refsource_CONFIRM

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html
Tags : vendor-advisory, x_refsource_FEDORA

http://www.debian.org/security/2008/dsa-1599
Tags : vendor-advisory, x_refsource_DEBIAN

http://secunia.com/advisories/29323
Tags : third-party-advisory, x_refsource_SECUNIA

https://issues.rpath.com/browse/RPL-2282
Tags : x_refsource_CONFIRM

http://secunia.com/advisories/30869
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securityfocus.com/bid/28023
Tags : vdb-entry, x_refsource_BID

http://www.ubuntu.com/usn/usn-653-1
Tags : vendor-advisory, x_refsource_UBUNTU

CVE-2008-0595 : Detail

CVE-2008-0595

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Configuraton 0

References