FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dbus-glib -- privledge escalation

Affected packages
dbus-glib < 0.100.1
linux-f10-dbus-glib < 0.100.1

Details

VuXML ID 77bb0541-c1aa-11e3-a5ac-001b21614864
Discovery 2013-02-15
Entry 2014-04-11
Modified 2014-04-30

Sebastian Krahmer reports:

A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender (message source subject), when the NameOwnerChanged signal was received. A local attacker could use this flaw to escalate their privileges.

References

CVE Name CVE-2013-0292
URL https://bugs.freedesktop.org/show_bug.cgi?id=60916