CVE-2005-0201 - D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is kno

CVE-2005-0201

Summary

D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.

References

Vulnerable Configurations

cpe:2.3:a:d-bus:d-bus:*:*:*:*:*:*:*:*
cpe:2.3:a:d-bus:d-bus:*:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 03-10-2018 - 21:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

oval via4

accepted

2013-04-29T04:10:22.793-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10973

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2005:102

rpms

dbus-0:0.22-12.EL.2
dbus-debuginfo-0:0.22-12.EL.2
dbus-devel-0:0.22-12.EL.2
dbus-glib-0:0.22-12.EL.2
dbus-python-0:0.22-12.EL.2
dbus-x11-0:0.22-12.EL.2

refmap via4

auscert	ESB-2005.0435
bid	12435
mandrake	MDKSA-2005:105
sectrack	1013075
secunia	14119 15638 15833 15844
ubuntu	USN-144-1

Last major update

03-10-2018 - 21:29

Published

29-06-2005 - 04:00

Last modified

03-10-2018 - 21:29