Vulnerability Description
D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-Bus | D-Bus | <= 0.22 |
References
- http://secunia.com/advisories/14119
- http://secunia.com/advisories/15638
- http://secunia.com/advisories/15833
- http://secunia.com/advisories/15844
- http://securitytracker.com/id?1013075
- http://www.auscert.org.au/render.html?it=5156Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:105PatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-102.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/12435
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://usn.ubuntu.com/144-1/
- http://secunia.com/advisories/14119
- http://secunia.com/advisories/15638
- http://secunia.com/advisories/15833
- http://secunia.com/advisories/15844
FAQ
What is CVE-2005-0201?
CVE-2005-0201 is a vulnerability with a CVSS score of 2.1 (LOW). D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session...
How severe is CVE-2005-0201?
CVE-2005-0201 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0201?
Check the references section above for vendor advisories and patch information. Affected products include: D-Bus D-Bus.