mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-12 02:04:49 +00:00
375 lines
14 KiB
JSON
375 lines
14 KiB
JSON
{
|
|
"id": "CVE-2008-4311",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2008-12-10T00:30:00.220",
|
|
"lastModified": "2017-08-08T01:32:32.953",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La configuraci\u00f3n por defecto de system.conf en \r\nD-Bus (alias DBus) y versiones anteriores a 1.2.6 omite el atributo send_type en ciertas reglas, el cual permite a los usuarios locales evitar las restricciones de acceso (1) enviando mensajes, en relaci\u00f3n a send_requested_reply; y posiblemente (2) recibiendo mensajes, relativos a receive_requested_reply."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 4.6
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": true,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-16"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "1.2.4",
|
|
"matchCriteriaId": "BA717BEA-178B-462B-A6D7-D355366F5A2C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1A2945FB-BDB8-49B7-BA9A-2BB390345FED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0FE08E05-948A-4A9C-BA91-B2935355D3CB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CB0A3D5A-8823-4365-83B9-1E370C131F3E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E6262F9B-30B5-4A7E-AC49-B9221B06CA4A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C2F4A579-8F26-47CF-9AE0-41334A9751AD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E12E1141-5FE4-43BF-B3A0-DC45C593F880"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B04817C0-14A2-4B75-8747-691D48E70BAC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "09C8C79E-AE58-48AE-89DB-E84637543783"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ED4ECF06-79CC-4142-BE6A-AF4E1E981543"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A87CC329-AF59-4882-82E1-851C4E0BB0B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9BDA4ACC-9166-491C-A8D4-A5418F3B0965"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "084A8212-B0FC-41BA-9532-080E8F92B949"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0EB88CDF-0C71-4FE7-9210-C43EBE806416"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0D84E94E-18EB-4276-AF55-2FB9850B08CF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0C6D0AAC-7F4B-48FF-9ACB-8C8844BDD722"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5FD40B16-FF56-4C23-B8A9-D79433713F35"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C5A81FE8-37A0-46CE-AAA4-F00CF4122C71"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D8815B87-7910-4E41-AB28-AEAD9F53475A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DCEF7E9B-3F19-48CF-862B-B5935824A4C7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1FB32F7B-8616-40F5-8D94-4FC97F6AD958"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4EC42FAD-C541-4D91-BDF6-62AA1C894B42"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FAECF21B-68AF-47D8-9540-BB0001087881"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "30D0DE09-5F83-423B-AD86-033005D35994"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D6618ACC-B506-4A92-BE4F-346FAC29D24F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BB406736-7185-4E0A-ACC6-4F79AB312FA7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18867CA7-E4AE-4312-A6E8-0CC514FCF063"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5C443F3D-5BD0-4E89-99F1-1BC0798666F9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2DA75AB4-4ADF-4E42-8840-B044DC4D9FFE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D809A431-7BA6-4C9F-8644-33A14389B289"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "732CD552-3E19-4389-B426-77D5B473866F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1702AE33-38F4-40C5-B448-C863A7E95553"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3801D383-91A6-4F2F-87D5-32882005BF58"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2392266A-BE81-4494-81C3-942ED56B0558"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BCCA6868-E09D-4616-A9A8-EF63F20C981D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60B6DA02-F08B-4ACE-8F93-F869467BC628"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3B4E7E9B-722E-4EE1-A435-906DE07BEB2B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BEF4902A-5598-42B7-8BB0-E9F8AB645D59"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9DEF0BA7-4EE6-482A-BFE4-A159A7C329AE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E93056D8-497A-4C08-B3FA-8372A92A6ACA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0380A55A-541E-450B-8092-280BD5DA736D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C55E6EEB-A408-45F5-AF95-37DBDEBA17EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4C9908FE-6B10-41BF-ADE2-1639CAC1340E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FA34903A-9D38-46FF-B702-D6BEECA96031"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "39753912-8A2D-49B0-B90B-43DAF723B34A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "11FF206A-8E96-40A2-9687-E0C4F00F020F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://forums.fedoraforum.org/showthread.php?t=206797",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/33047",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/33055",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/34360",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/34642",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/32674",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/3355",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html",
|
|
"source": "secalert@redhat.com"
|
|
}
|
|
]
|
|
} |