Vulnerabilities > CVE-2005-0201 - Local Privilege Escalation vulnerability in D-BUS Session Bus
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-102.NASL description Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Dan Reed discovered that a user can send and listen to messages on another user last seen 2020-06-01 modified 2020-06-02 plugin id 21919 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21919 title CentOS 4 : dbus (CESA-2005:102) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:102 and # CentOS Errata and Security Advisory 2005:102 respectively. # include("compat.inc"); if (description) { script_id(21919); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:02"); script_cve_id("CVE-2005-0201"); script_xref(name:"RHSA", value:"2005:102"); script_name(english:"CentOS 4 : dbus (CESA-2005:102)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Dan Reed discovered that a user can send and listen to messages on another user's per-user session bus if they know the address of the socket. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0201 to this issue. In Red Hat Enterprise Linux 4, the per-user session bus is only used for printing notifications, therefore this issue would only allow a local user to examine or send additional print notification messages. Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011798.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fe3a6615" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011804.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?750bcf64" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011805.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b29bb2a8" ); script_set_attribute(attribute:"solution", value:"Update the affected dbus packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus-x11"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/29"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"dbus-0.22-12.EL.2")) flag++; if (rpm_check(release:"CentOS-4", reference:"dbus-devel-0.22-12.EL.2")) flag++; if (rpm_check(release:"CentOS-4", reference:"dbus-glib-0.22-12.EL.2")) flag++; if (rpm_check(release:"CentOS-4", reference:"dbus-python-0.22-12.EL.2")) flag++; if (rpm_check(release:"CentOS-4", reference:"dbus-x11-0.22-12.EL.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus / dbus-devel / dbus-glib / dbus-python / dbus-x11"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2005-822.NASL description - Mon Aug 29 2005 John (J5) Palmieri <johnp at redhat.com> - 0.33-3.fc4.1 - add patch from 0.2x series that fixes an exploit where users can attach to another user last seen 2020-06-01 modified 2020-06-02 plugin id 19724 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19724 title Fedora Core 4 : dbus-0.33-3.fc4.1 (2005-822) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-822. # include("compat.inc"); if (description) { script_id(19724); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_xref(name:"FEDORA", value:"2005-822"); script_name(english:"Fedora Core 4 : dbus-0.33-3.fc4.1 (2005-822)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Aug 29 2005 John (J5) Palmieri <johnp at redhat.com> - 0.33-3.fc4.1 - add patch from 0.2x series that fixes an exploit where users can attach to another user's session bus (CVE-2005-0201) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-August/001315.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?97dd1ede" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-x11"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC4", reference:"dbus-0.33-3.fc4.1")) flag++; if (rpm_check(release:"FC4", reference:"dbus-debuginfo-0.33-3.fc4.1")) flag++; if (rpm_check(release:"FC4", reference:"dbus-devel-0.33-3.fc4.1")) flag++; if (rpm_check(release:"FC4", reference:"dbus-glib-0.33-3.fc4.1")) flag++; if (rpm_check(release:"FC4", reference:"dbus-python-0.33-3.fc4.1")) flag++; if (rpm_check(release:"FC4", reference:"dbus-x11-0.33-3.fc4.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus / dbus-debuginfo / dbus-devel / dbus-glib / dbus-python / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2005-111.NASL description Security fix for Bug#146765 (CVE-2005-0201) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16301 published 2005-02-03 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16301 title Fedora Core 3 : dbus-0.22-10.FC3.2 (2005-111) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-102.NASL description Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Dan Reed discovered that a user can send and listen to messages on another user last seen 2020-06-01 modified 2020-06-02 plugin id 18441 published 2005-06-10 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18441 title RHEL 4 : dbus (RHSA-2005:102) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-105.NASL description Dan Reed discovered a vulnerability in the D-BUS system for sending messages between applications. He found that a user can send and listen to messages on another user last seen 2020-06-01 modified 2020-06-02 plugin id 18562 published 2005-06-25 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18562 title Mandrake Linux Security Advisory : dbus (MDKSA-2005:105) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-144-1.NASL description Besides providing the global system-wide communication bus, dbus also offers per-user last seen 2020-06-01 modified 2020-06-02 plugin id 20537 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20537 title Ubuntu 4.10 : dbus vulnerability (USN-144-1)
Oval
accepted | 2013-04-29T04:10:22.793-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket. | ||||||||||||
family | unix | ||||||||||||
id | oval:org.mitre.oval:def:10973 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
title | D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket. | ||||||||||||
version | 26 |
Redhat
advisories |
| ||||
rpms |
|
References
- http://secunia.com/advisories/14119
- http://secunia.com/advisories/15638
- http://secunia.com/advisories/15833
- http://secunia.com/advisories/15844
- http://securitytracker.com/id?1013075
- http://www.auscert.org.au/render.html?it=5156
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:105
- http://www.redhat.com/support/errata/RHSA-2005-102.html
- http://www.securityfocus.com/bid/12435
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10973
- https://usn.ubuntu.com/144-1/