DEBIAN-CVE-2008-0595

DEBIAN-CVE-2008-0595 PUBLISHED

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Affected Products

Vendor	Product	Versions
Debian:12	dbus	0, 0, 0
Debian:14	dbus	0, 0, 0
Debian:13	dbus	0, 0, 0
Debian:11	dbus	0, 0, 0

Timeline

Feb 29, 2008 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2008-0595 advisory

Open in Interactive Console →