CVE-2008-4311

Publication date 10 December 2008

Last updated 24 July 2024


Ubuntu priority

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

Read the notes from the security team

Status

Package Ubuntu Release Status
dbus 8.10 intrepid Ignored
8.04 LTS hardy Ignored
7.10 gutsy Ignored
6.06 LTS dapper Ignored

Notes


kees

Ubuntu's dbus clients are not believed to be vulnerable.