Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-0292

Published: 15 February 2013

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Notes

AuthorNote
seth-arnold
local privilege escalation demonstrated with pam_fprintd
dbus-glib is deprecated

Priority

Medium

Status

Package Release Status
dbus-glib
Launchpad, Ubuntu, Debian
hardy Ignored
(end of life)
lucid
Released (0.84-1ubuntu0.3)
oneiric
Released (0.94-4ubuntu0.1)
precise
Released (0.98-1ubuntu1.1)
quantal
Released (0.100-1ubuntu0.1)
upstream
Released (0.100.1-1)
Patches:
upstream: http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca
vendor: https://rhn.redhat.com/errata/RHSA-2013-0568.html