CVE-2010-1172

dbus-glib: property access not validated

Severity Score

3.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.

DBus-GLib v0.73 no tiene en cuenta la bandera de acceso en las propiedades GObject exportadas, lo que permite a usuarios locales evitar restricciones de acceso establecidas y posiblemente provocar una denegación de servicio modificando las propiedades, como es demostrado en las propiedades de los servicios (1) DeviceKit-Power, (2) NetworkManager, y (3) ModemManager.

*Credits: N/A

CVSS Scores

NISTv2 3.6

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-03-29 CVE Reserved
2010-08-20 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (16)

URL	Tag	Source
http://cgit.freedesktop.org/dbus/dbus-glib/commit/?h=rhel5&id=9a6bce9b615abca6068348c1606ba8eaf13d9ae0	X_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	X_refsource_confirm
http://secunia.com/advisories/42397	Third Party Advisory
http://support.avaya.com/css/P8/documents/100113103	X_refsource_confirm
http://www.securityfocus.com/bid/42347	Vdb Entry
http://www.vupen.com/english/advisories/2010/3097	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/61041	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	2017-08-17
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html	2017-08-17
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html	2017-08-17
http://secunia.com/advisories/40908	2017-08-17
http://secunia.com/advisories/40925	2017-08-17
http://www.redhat.com/support/errata/RHSA-2010-0616.html	2017-08-17
http://www.vupen.com/english/advisories/2010/2063	2017-08-17
https://bugzilla.redhat.com/show_bug.cgi?id=585394	2010-08-10
https://access.redhat.com/security/cve/CVE-2010-1172	2010-08-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Freedesktop Search vendor "Freedesktop"		Dbus-glib Search vendor "Freedesktop" for product "Dbus-glib"				0.73 Search vendor "Freedesktop" for product "Dbus-glib" and version "0.73"		-		Affected