RSS   Vulnerabilities for
'Inter-process communication system'
   RSS

2008-02-29
 
CVE-2008-0595

CWE-264
 

 
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

 

 >>> Vendor: D-bus 2 Products
D-bus
Inter-process communication system


Copyright 2024, cxsecurity.com

 

Back to Top