CVE-2008-4311 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-4311 PUBLISHED CVSS 4.599999904632568 MEDIUM

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

EPSS 0.04% · 13.4th percentile

Risk Scores

CVSS v2.0

4.599999904632568

EPSS Score

0.04%

13.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
freedesktop	dbus	0, 0.1, 0.2

Timeline

Dec 10, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

https://bugs.freedesktop.org/show_bug.cgi?id=18229 url
33047 third-party-advisory
openSUSE-SU-2012:1418 vendor-advisory
dbus-sendreceive-security-bypass(47138) vdb
34642 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=474895 url
ADV-2008-3355 vdb
SUSE-SR:2009:008 vendor-advisory
FEDORA-2008-10907 vendor-advisory
33055 third-party-advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 url
http://forums.fedoraforum.org/showthread.php?t=206797 url
34360 third-party-advisory
[dbus] 20081205 [CVE-2008-4311] DBus 1.2.6 mailing-list
SUSE-SR:2009:009 vendor-advisory
32674 vdb
SUSE-SA:2009:013 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2008-4311 advisory

Open in Interactive Console →