Cybertrion Systems

[2/5] D-Bus “send_interface” Security Policy Bypass

February 28th, 2008 by

A security issue has been reported in D-Bus, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issue is caused by an error in the processing of messages with a NULL interface, which can be exploited to bypass security policy directives of the form "<allow send_interface=[interface]/>".

The security issue is reported in versions prior to 1.1.20 or 1.0.3.

Solution:
Update to version 1.1.20 or 1.0.3.

Provided and/or discovered by:
Havoc Pennington

Original Advisory:
http://www.freedesktop.org/wiki/Software/dbus
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html

Original post by amit
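
An added example, not part of the original advisory or the D-Bus project: a Python check that compares a version string against the fixed releases named above and lists the `<allow send_interface=...>` rules in a bus policy document. The sample policy and its `org.example.*` names are constructed, and the handling of branches other than 1.0 and 1.1 is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(1, 0): (1, 0, 3), (1, 1): (1, 1, 20)}

def is_affected(version: str) -> bool:
    """True if a D-Bus version string predates the fix on its branch."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = tuple(int(g or 0) for g in m.groups())
    branch = parts[:2]
    if branch in FIXED:
        return parts < FIXED[branch]
    # Assumption: branches before 1.0 are unfixed, later ones carry the fix.
    return branch < (1, 0)

def find_send_interface_allows(policy_xml: str):
    """List (policy selector, interface, other attributes) for every
    <allow send_interface="..."/> rule in a bus configuration document."""
    hits = []
    for policy in ET.fromstring(policy_xml).iter("policy"):
        selector = " ".join(f"{k}={v}" for k, v in policy.attrib.items())
        for rule in policy.findall("allow"):
            iface = rule.get("send_interface")
            if iface is not None:
                extra = {k: v for k, v in rule.attrib.items()
                         if k != "send_interface"}
                hits.append((selector, iface, extra))
    return hits

# Constructed sample policy, not taken from any real service.
SAMPLE = """<busconfig>
  <policy context="default">
    <deny send_destination="org.example.Daemon"/>
    <allow send_interface="org.example.Daemon.ReadOnly"/>
    <allow send_destination="org.example.Daemon"
           send_interface="org.freedesktop.DBus.Introspectable"/>
  </policy>
  <policy user="root">
    <allow own="org.example.Daemon"/>
  </policy>
</busconfig>"""

if __name__ == "__main__":
    for v in ("1.0.2", "1.0.3", "1.1.19", "1.1.20"):
        print(v, "affected" if is_affected(v) else "fixed")
    for selector, iface, extra in find_send_interface_allows(SAMPLE):
        print(f"[{selector}] allow send_interface={iface} other={extra}")
```

On a version reported as affected, the rules this lists are the directives the advisory describes, so they are the ones to review until the update is applied.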
