Security restrictions bypass in D-Bus - #VU6932

 


Published: June 6, 2017 / Updated: June 9, 2017


Vulnerability identifier: #VU6932
CSH Severity: Low
CVSS v4.0:
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Freedesktop.org
Affected software: D-Bus

Detailed vulnerability description

Multiple vulnerabilities in D-Bus might allow an attacker to overwrite files with a fixed filename in arbitrary directories or conduct a symlink attack.

An attacker could possibly overwrite arbitrary files named “once” with content not controlled by the attacker.

A local attacker could perform a symlink attack against D-Bus’ test suite.


Remediation

Update to version 1.10.18.
