CVE-2013-0292

critical

Description

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/82135

https://bugs.freedesktop.org/show_bug.cgi?id=60916

http://www.ubuntu.com/usn/USN-1753-1

http://www.securityfocus.com/bid/57985

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.openwall.com/lists/oss-security/2013/02/15/10

http://www.mandriva.com/security/advisories?name=MDVSA-2013:071

http://www.exploit-db.com/exploits/33614

http://secunia.com/advisories/52404

http://secunia.com/advisories/52375

http://secunia.com/advisories/52225

http://rhn.redhat.com/errata/RHSA-2013-0568.html

http://osvdb.org/90302

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658

Details

Source: Mitre, NVD

Published: 2013-03-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

Detections

Analytics