CVE-2008-4311

Publication date 10 December 2008

Last updated 24 July 2024

Ubuntu priority

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dbus	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

kees

Ubuntu's dbus clients are not believed to be vulnerable.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-4311