Fluid Attacks Database

Description

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	dbus	-	-
debian 11	dbus	>=0 <1.2.1-5	1.2.1-5
debian 12	dbus	>=0 <1.2.1-5	1.2.1-5
debian 13	dbus	>=0 <1.2.1-5	1.2.1-5
debian 14	dbus	>=0 <1.2.1-5	1.2.1-5

Aliases

1. CVE-2008-43112. NVD-2008-43113. OSV-2008-43114. OSV-DEBIAN-2008-43115. SECURITY-TRACKER-CVE-2008-4311

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.