CVSS: 4.6EPSS: 0%CPEs: 46EXPL: 0CVE-2008-4311
https://notcve.org/view.php?id=CVE-2008-4311
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. La configuración por defecto de system.conf en D-Bus (alias DBus) y versiones anteriores a 1.2.6 omite el atributo send_type en ciertas reglas, el cual permite a los usuarios locales evitar las restricciones de acceso (1) enviando mensajes, en relación a send_requested_reply; y posiblemente (2) recibiendo mensajes, relativos a receive_requested_reply. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 http://forums.fedoraforum.org/showthread.php?t=206797 http://lists.freedesktop.org/archives/dbus/2008-December/010702.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html http://secunia.com/advisories/ • CWE-16: Configuration •