CVE-2008-0595

EPSS 0.07%

dbus

Published: 2/29/2008Modified: 4/28/2026

Also known as:DEBIAN-CVE-2008-0595

Description

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Affected packages (2)

Debian/dbusfrom 0, < 1.1.20-1
Debian/dbusfrom 0, < 1.0.2-1+etch1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-0595