Vulnerability Name:

CVE-2005-0201 (CCN-19209)

Assigned:2005-01-31
Published:2005-01-31
Updated:2018-10-03
Summary:D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-0201

Source: CCN
Type: BugTraq Mailing List, 2005-06-27 16:14:52
dbus vulnerability

Source: CCN
Type: RHSA-2005-102
dbus security update.

Source: CCN
Type: SA14119
D-BUS Session Bus Hijack Vulnerability

Source: SECUNIA
Type: UNKNOWN
14119

Source: SECUNIA
Type: UNKNOWN
15638

Source: SECUNIA
Type: UNKNOWN
15833

Source: SECUNIA
Type: UNKNOWN
15844

Source: CCN
Type: SECTRACK ID: 1013075
D-BUS Allows Local Users to Connect to the Session Bus

Source: SECTRACK
Type: UNKNOWN
1013075

Source: AUSCERT
Type: Vendor Advisory
ESB-2005.0435

Source: CCN
Type: D-BUS Web page
freedesktop.org

Source: MANDRAKE
Type: Patch, Vendor Advisory
MDKSA-2005:105

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:102

Source: BID
Type: UNKNOWN
12435

Source: CCN
Type: BID-12435
D-BUS Session Bus Local Privilege Escalation Vulnerability

Source: CCN
Type: USN-144-1
dbus vulnerability

Source: XF
Type: UNKNOWN
dbus-session-hijack(19209)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10973

Source: UBUNTU
Type: UNKNOWN
USN-144-1

Vulnerable Configuration:Configuration 1:
  • cpe:/a:d-bus:d-bus:*:*:*:*:*:*:*:* (Version <= 0.22)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:freedesktop:dbus-glib:0.72:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10973
    V
    		D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
    2013-04-29
    oval:com.redhat.rhsa:def:20050102
    P
    		RHSA-2005:102: dbus security update. (Low)
    2005-06-08
    BACK
    d-bus d-bus *
    freedesktop dbus-glib 0.72
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0