Freedesktop Dbus-glib up to 0.100 dbus_g_proxy_manager_filter input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.6 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Freedesktop Dbus-glib up to 0.100. This affects the function dbus_g_proxy_manager_filter. Performing a manipulation results in input validation.
This vulnerability is reported as CVE-2013-0292. Moreover, an exploit is present.
It is recommended to apply a patch to fix this issue.
Details
A vulnerability, which was classified as critical, was found in Freedesktop Dbus-glib up to 0.100. This affects the function dbus_g_proxy_manager_filter. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
The weakness was disclosed 03/05/2013 by Sebastian Krahmer as confirmed git commit (GIT Repository). It is possible to read the advisory at cgit.freedesktop.org. This vulnerability is uniquely identified as CVE-2013-0292 since 12/06/2012. The exploitability is told to be easy. Attacking locally is a requirement. No form of authentication is needed for exploitation. Technical details and a public exploit are known.
A public exploit has been developed by Sebastian Krahmer in ANSI C and been published 2 years after the advisory. The exploit is shared for download at securityfocus.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 68765 (Oracle Linux 5 / 6 : dbus-glib (ELSA-2013-0568)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 120965 (Red Hat Update for dbus-glib (RHSA-2013:0568)).
Upgrading to version 0.74 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at cgit.freedesktop.org. The best possible mitigation is suggested to be patching the affected component.
The vulnerability is also documented in the databases at X-Force (82135), Exploit-DB (33614), Tenable (68765), SecurityFocus (BID 57985†) and OSVDB (90302†). Be aware that VulDB is the high quality source for vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.4VulDB Meta Temp Score: 7.6
VulDB Base Score: 8.4
VulDB Temp Score: 7.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Sebastian Krahmer
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 68765
Nessus Name: Oracle Linux 5 / 6 : dbus-glib (ELSA-2013-0568)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 881618
OpenVAS Name: CentOS Update for dbus-glib CESA-2013:0568 centos5
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Upgrade: Dbus-glib 0.74
Patch: cgit.freedesktop.org
Timeline
12/06/2012 🔍02/15/2013 🔍
02/15/2013 🔍
02/19/2013 🔍
03/05/2013 🔍
03/05/2013 🔍
03/14/2013 🔍
07/12/2013 🔍
06/02/2014 🔍
06/02/2014 🔍
03/24/2015 🔍
12/28/2024 🔍
Sources
Advisory: RHSA-2013:0568Researcher: Sebastian Krahmer
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2013-0292 (🔍)
GCVE (CVE): GCVE-0-2013-0292
GCVE (VulDB): GCVE-100-63687
OVAL: 🔍
X-Force: 82135
SecurityFocus: 57985 - dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
Secunia: 52225 - dbus-glib D-Bus GLib Bindings "NameOwnerChanged" Signal Handling Vulnerability, Less Critical
OSVDB: 90302
Vulnerability Center: 38773 - Freedesktop dbus-glib <0.100.1 Linux Library Local Host Privilege Escalation Vulnerability, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/24/2015 12:22Updated: 12/28/2024 18:15
Changes: 03/24/2015 12:22 (73), 04/25/2017 23:01 (15), 12/29/2021 22:19 (3), 12/29/2021 22:33 (1), 12/29/2021 22:44 (2), 11/29/2024 06:12 (14), 12/28/2024 18:15 (6)
Complete: 🔍
Cache ID: 216:773:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.