CVE-2005-0201
CVSS 2.1
Published: 2005-06-29 00:00:00
Revised: 2010-08-21 00:25:39

[Original] D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.


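[CNNVD] D-BUS local privilege escalation vulnerability (CNNVD-200506-233)

        D-BUS (dbus) versions before 0.22 do not properly restrict access to a socket when the socket address is known. A local user can exploit this to listen to or send arbitrary messages on another user's per-user session bus via that socket.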

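- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]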

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10973 D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen o...
* OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0201
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0201
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-233
(Official data source) CNNVD

- Other links and resources

http://www.redhat.com/support/errata/RHSA-2005-102.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:102
http://www.mandriva.com/security/advisories?name=MDKSA-2005:105
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2005:105
http://www.ubuntulinux.org/support/documentation/usn/usn-144-1
(UNKNOWN)  UBUNTU  USN-144-1
http://www.auscert.org.au/render.html?it=5156
(VENDOR_ADVISORY)  AUSCERT  ESB-2005.0435
http://www.securityfocus.com/bid/12435
(UNKNOWN)  BID  12435
http://securitytracker.com/id?1013075
(UNKNOWN)  SECTRACK  1013075
http://secunia.com/advisories/15844
(UNKNOWN)  SECUNIA  15844
http://secunia.com/advisories/15833
(UNKNOWN)  SECUNIA  15833
http://secunia.com/advisories/15638
(UNKNOWN)  SECUNIA  15638
http://secunia.com/advisories/14119
(UNKNOWN)  SECUNIA  14119

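- Vulnerability information

D-BUS local privilege escalation vulnerability
Low risk  Access validation error
2005-06-29 00:00:00 2005-10-20 00:00:00
Local
        D-BUS (dbus) versions before 0.22 do not properly restrict access to a socket when the socket address is known. A local user can exploit this to listen to or send arbitrary messages on another user's per-user session bus via that socket.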

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download links:
        D-BUS Inter-Process Communication System 0.22
        Fedora dbus-0.22-10.FC3.2.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-0.22-10.FC3.2.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-debuginfo-0.22-10.FC3.2.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-debuginfo-0.22-10.FC3.2.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-devel-0.22-10.FC3.2.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-devel-0.22-10.FC3.2.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-glib-0.22-10.FC3.2.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-glib-0.22-10.FC3.2.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-python-0.22-10.FC3.2.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-python-0.22-10.FC3.2.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-x11-0.22-10.FC3.2.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora dbus-x11-0.22-10.FC3.2.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Ubuntu dbus-1-dev_0.22-1ubuntu2.1_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_amd64.deb
        Ubuntu dbus-1-dev_0.22-1ubuntu2.1_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_i386.deb
        Ubuntu dbus-1-dev_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu dbus-1-utils_0.22-1ubuntu2.1_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_amd64.deb
        Ubuntu dbus-1-utils_0.22-1ubuntu2.1_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_i386.deb
        Ubuntu dbus-1-utils_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu dbus-1_0.22-1ubuntu2.1_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_amd64.deb
        Ubuntu dbus-1_0.22-1ubuntu2.1_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_i386.deb
        Ubuntu dbus-1_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu dbus-glib-1-dev_0.22-1ubuntu2.1_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_amd64.deb
        Ubuntu dbus-glib-1-dev_0.22-1ubuntu2.1_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_i386.deb
        Ubuntu dbus-glib-1-dev_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu dbus-glib-1_0.22-1ubuntu2.1_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_amd64.deb
        Ubuntu dbus-glib-1_0.22-1ubuntu2.1_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_i386.deb
        Ubuntu dbus-glib-1_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_powerpc.deb
        Ubuntu dbus/dbus-1-doc_0.22-1ubuntu2.1_all.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-doc_0.22-1ubuntu2.1_all.deb
        

- Vulnerability information (F38320)

Ubuntu Security Notice 144-1 (PacketStormID:F38320)
2005-06-29 00:00:00
Ubuntu  ubuntu.com
advisory
linux,ubuntu
CVE-2005-0201

Ubuntu Security Notice USN-144-1 - dbus suffers from a vulnerability that allows another user to make use of its bus if the address is known.

===========================================================
Ubuntu Security Notice USN-144-1	      June 27, 2005
dbus vulnerability
CAN-2005-0201
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

dbus-1

The problem can be corrected by upgrading the affected package to
version 0.22-1ubuntu2.1.  You have to restart your Gnome session (i.e.
log out and back in) after doing a standard system upgrade to effect
the necessary changes.

Details follow:

Besides providing the global system-wide communication bus, dbus also
offers per-user "session" buses which applications in a user's
session can create and use to communicate with each other.  Daniel
Reed discovered that the default configuration of the session dbus
allowed a local user to connect to another user's session bus if its
address was known. The fixed packages restrict the default permissions
to the user who owns the session dbus instance.

Please note that a standard Ubuntu installation does not use the
session bus for anything, so this can only be exploited if you are
using custom software which uses it.


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.22-1ubuntu2.1.diff.gz
      Size/MD5:    15995 6f8b07a03ee133e67607985210dcaa21
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.22-1ubuntu2.1.dsc
      Size/MD5:      909 d47c88f0d2cc14da7bab054bb2923ea6
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_0.22.orig.tar.gz
      Size/MD5:  1248780 6b1c2476ea8b82dd9fb7f29ef857cb9f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-doc_0.22-1ubuntu2.1_all.deb
      Size/MD5:   817462 2942d675de295f743ebdceff28edc3eb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_amd64.deb
      Size/MD5:   233840 ddfcaa03766658123d982a891a5ae5fe
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_amd64.deb
      Size/MD5:   100612 d8defb47c253b5475ea40d005782c040
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_amd64.deb
      Size/MD5:   332330 a821776783887a74227da54fb2c8cfc0
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_amd64.deb
      Size/MD5:   105656 817e67b68bad8cc21dbdd6d824aa8dd2
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_amd64.deb
      Size/MD5:   103222 19d76a1c5b2dfdcd993d4d8b1004a84f
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/python2.3-dbus_0.22-1ubuntu2.1_amd64.deb
      Size/MD5:   142524 5f2bc9aaa7aaa062ea4c66a45dab389a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_i386.deb
      Size/MD5:   207320 f9f955179ef745de5587cdb4a22e0d8c
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_i386.deb
      Size/MD5:    99146 e409ea2bf9ed72101b59e8a1616a9c5b
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_i386.deb
      Size/MD5:   297298 10b6a50dc30819935b24ca337c85c31a
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_i386.deb
      Size/MD5:   101542 565fe12a77c4cea1ade70977d3672a62
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_i386.deb
      Size/MD5:   100526 8bab20aafd035e1ed7c940225bda277c
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/python2.3-dbus_0.22-1ubuntu2.1_i386.deb
      Size/MD5:   130754 e8676c7a4157e15a236fdaa38e080691

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dev_0.22-1ubuntu2.1_powerpc.deb
      Size/MD5:   235306 83ae5fee85566f19262a4548575c0ec1
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-utils_0.22-1ubuntu2.1_powerpc.deb
      Size/MD5:   100766 2a138c9f8fa460abc9c34cb9d21d2070
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1_0.22-1ubuntu2.1_powerpc.deb
      Size/MD5:   312850 27ea75fa2dd9a40a1dc84724def7c4e4
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1-dev_0.22-1ubuntu2.1_powerpc.deb
      Size/MD5:   107106 4b176bc6c2a42bdb0e05b2e28b40d49d
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-glib-1_0.22-1ubuntu2.1_powerpc.deb
      Size/MD5:   100502 e0316f200a0ab7829d0c5478b288e9cb
    http://security.ubuntu.com/ubuntu/pool/main/d/dbus/python2.3-dbus_0.22-1ubuntu2.1_powerpc.deb
      Size/MD5:   143508 3d2a2015e906ebdd217cba8791002edc
    

- Vulnerability information

13446
D-Bus Local Session Bus Hijack

- Vulnerability description

- Timeline

2005-01-31 Unknown
2005-01-31 Unknown

- Solution

Products

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

D-BUS Session Bus Local Privilege Escalation Vulnerability
Access Validation Error 12435
No Yes
2005-02-03 12:00:00 2007-03-06 09:55:00
Daniel Reed <djr@redhat.com> is credited with the discovery of this issue.

- Affected software versions

RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
D-BUS Inter-Process Communication System 0.23
D-BUS Inter-Process Communication System 0.22
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
D-BUS Inter-Process Communication System 0.21
D-BUS Inter-Process Communication System 0.20
D-BUS Inter-Process Communication System 0.13

- Discussion

A local privilege-escalation vulnerability affects D-BUS because it fails to properly secure message-bus sessions.

An attacker may leverage this issue to send messages to the message bus of an unsuspecting user. This may facilitate command execution with the privileges of the unsuspecting user, ultimately leading to privilege escalation.

- Exploit

An exploit is not required.

- Solution

The vendor has updated the CVS version of the affected software. A source patch is also available. Please see the references for more information.


D-BUS Inter-Process Communication System 0.22

- References

 

 
