CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS

Percentile | 10.1% |
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6
omits the send_type attribute in certain rules, which allows local users to
bypass intended access restrictions by (1) sending messages, related to
send_requested_reply; and possibly (2) receiving messages, related to
receive_requested_reply.
Author | Note |
---|---|
kees | Ubuntu’s dbus clients are not believed to be vulnerable. |
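
The description above comes down to `<allow>` rules that carry `send_requested_reply` or `receive_requested_reply` without a message-type restriction. The following audit sketch is an added example, not code from the D-Bus project or this advisory. The sample policy is constructed for illustration, and the function name `find_untyped_reply_rules` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for illustration; not a copy of any shipped system.conf.
SAMPLE_POLICY = """\
<busconfig>
  <policy context="default">
    <deny send_interface="*"/>
    <allow send_requested_reply="true"/>
    <allow receive_requested_reply="true"/>
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>
    <allow receive_requested_reply="true" receive_type="method_return"/>
  </policy>
</busconfig>
"""

# Requested-reply attribute -> message-type attribute expected to narrow it.
PAIRS = {
    "send_requested_reply": "send_type",
    "receive_requested_reply": "receive_type",
}


def find_untyped_reply_rules(policy_xml):
    """Return (context, reply_attr, missing_type_attr) for every <allow> rule
    that uses a *_requested_reply attribute without the matching *_type."""
    findings = []
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        # A <policy> element is scoped by context, user or group.
        context = (policy.get("context") or policy.get("user")
                   or policy.get("group") or "?")
        for rule in policy.iter("allow"):
            for reply_attr, type_attr in PAIRS.items():
                if reply_attr in rule.attrib and type_attr not in rule.attrib:
                    findings.append((context, reply_attr, type_attr))
    return findings


if __name__ == "__main__":
    for context, reply_attr, type_attr in find_untyped_reply_rules(SAMPLE_POLICY):
        print(f"policy {context!r}: <allow {reply_attr}=...> has no {type_attr}")
```

The sketch reads one document only and does not follow `<include>` or `<includedir>` elements, so each included policy file has to be checked separately.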