CVE-2013-0292 – dbus-glib pam_fprintd - Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2013-0292

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. La función dbus_g_proxy_manager_filter en dbus-gproxy en Dbus-glib anterior a v0.100.1 no verifica correctamente el emisor de señales NameOwnerChanged, permitiendo a usuarios locales obtener privilegios a través de una señal falsificada. • https://www.exploit-db.com/exploits/33614 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658 http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://osvdb.org/90302 http://rhn.redhat.com/errata/RHSA-2013-0568.html http://secunia.com/advisories/52225 http://secunia.com/advisories/52375 http://secunia.com/advisories/52404 http://www.exploit-db.com/exploits/33614 http&# • CWE-20: Improper Input Validation •