Ubuntu
dbus package

[dbus] [CVE-2008-0595] vulnerability in how the dbus-daemon applies its security policy

Bug #198661 reported by disabled.user on 2008-03-05

258

Affects		Status	Importance	Assigned to	Milestone
	dbus (Ubuntu)	Fix Released	Medium	Kees Cook

Bug Description

References:
MDVSA-2008:054 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:054)

Quoting:
"A vulnerability was discovered by Havoc Pennington in how the
dbus-daemon applied its security policy. A user with the ability
to connect to the dbus-daemon could possibly execute certain method
calls that they should not normally have access to."

CVE References

2008-0595

Revision history for this message

Thilo Uttendorfer (t-lo) wrote on 2008-09-19:

This bug is fixed in in Ubuntu Hardy, but it seems that there are no security updates for older Ubuntu versions. Did I miss something?

Revision history for this message

Kees Cook (kees) wrote on 2008-10-14:

This problem has been addressed with the following USN:

http://www.ubuntu.com/usn/usn-653-1

Please feel free to report future bugs.

Changed in dbus:
assignee:	nobody → kees
importance:	Undecided → Medium
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudbus package