CVE-2008-0595 — MEDIUM (4.6)

Q: How severe is CVE-2008-0595?

CVE-2008-0595 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-0595?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Mandrakesoft Mandrake Linux, Redhat Enterprise Linux, Freedesktop Dbus.

Vulnerability Description

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	7
Mandrakesoft	Mandrake Linux	2007
Redhat	Enterprise Linux	5
Freedesktop	Dbus	< 1.0.3

Related Weaknesses (CWE)

CWE-863

References

http://lists.freedesktop.org/archives/dbus/2008-February/009401.htmlPatchThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlThird Party Advisory
http://secunia.com/advisories/29148Broken Link
http://secunia.com/advisories/29160Broken Link
http://secunia.com/advisories/29171Broken Link
http://secunia.com/advisories/29173Broken Link
http://secunia.com/advisories/29281Broken Link
http://secunia.com/advisories/29323Broken Link
http://secunia.com/advisories/30869Broken Link
http://secunia.com/advisories/32281Broken Link
http://securitytracker.com/id?1019512Third Party AdvisoryVDB Entry
http://wiki.rpath.com/Advisories:rPSA-2008-0099Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099Third Party Advisory
http://www.debian.org/security/2008/dsa-1599Third Party Advisory

FAQ

What is CVE-2008-0595?

CVE-2008-0595 is a vulnerability with a CVSS score of 4.6 (MEDIUM). dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local us...

How severe is CVE-2008-0595?

CVE-2008-0595 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-0595?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Mandrakesoft Mandrake Linux, Redhat Enterprise Linux, Freedesktop Dbus.