Vulnerabilities > CVE-2005-0201 - Local Privilege Escalation vulnerability in D-BUS Session Bus

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
d-bus
nessus

Summary

D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.

Vulnerable Configurations

Part Description Count
Application
D-Bus
1

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-102.NASL
    descriptionUpdated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Dan Reed discovered that a user can send and listen to messages on another user
    last seen2020-06-01
    modified2020-06-02
    plugin id21919
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21919
    titleCentOS 4 : dbus (CESA-2005:102)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:102 and 
    # CentOS Errata and Security Advisory 2005:102 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21919);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:02");
    
      script_cve_id("CVE-2005-0201");
      script_xref(name:"RHSA", value:"2005:102");
    
      script_name(english:"CentOS 4 : dbus (CESA-2005:102)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated dbus packages that fix a security issue are now available for
    Red Hat Enterprise Linux 4.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    D-BUS is a system for sending messages between applications. It is
    used both for the systemwide message bus service, and as a
    per-user-login-session messaging facility.
    
    Dan Reed discovered that a user can send and listen to messages on
    another user's per-user session bus if they know the address of the
    socket. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2005-0201 to this issue. In
    Red Hat Enterprise Linux 4, the per-user session bus is only used for
    printing notifications, therefore this issue would only allow a local
    user to examine or send additional print notification messages.
    
    Users of dbus are advised to upgrade to these updated packages, which
    contain backported patches to correct this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011798.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe3a6615"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011804.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?750bcf64"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011805.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b29bb2a8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected dbus packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dbus-x11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"dbus-0.22-12.EL.2")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"dbus-devel-0.22-12.EL.2")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"dbus-glib-0.22-12.EL.2")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"dbus-python-0.22-12.EL.2")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"dbus-x11-0.22-12.EL.2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus / dbus-devel / dbus-glib / dbus-python / dbus-x11");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-822.NASL
    description - Mon Aug 29 2005 John (J5) Palmieri <johnp at redhat.com> - 0.33-3.fc4.1 - add patch from 0.2x series that fixes an exploit where users can attach to another user
    last seen2020-06-01
    modified2020-06-02
    plugin id19724
    published2005-09-17
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19724
    titleFedora Core 4 : dbus-0.33-3.fc4.1 (2005-822)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-822.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19724);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:24");
    
      script_xref(name:"FEDORA", value:"2005-822");
    
      script_name(english:"Fedora Core 4 : dbus-0.33-3.fc4.1 (2005-822)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Mon Aug 29 2005 John (J5) Palmieri <johnp at redhat.com>
        - 0.33-3.fc4.1
    
        - add patch from 0.2x series that fixes an exploit where
          users can attach to another user's session bus
          (CVE-2005-0201)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-August/001315.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?97dd1ede"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus-x11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC4", reference:"dbus-0.33-3.fc4.1")) flag++;
    if (rpm_check(release:"FC4", reference:"dbus-debuginfo-0.33-3.fc4.1")) flag++;
    if (rpm_check(release:"FC4", reference:"dbus-devel-0.33-3.fc4.1")) flag++;
    if (rpm_check(release:"FC4", reference:"dbus-glib-0.33-3.fc4.1")) flag++;
    if (rpm_check(release:"FC4", reference:"dbus-python-0.33-3.fc4.1")) flag++;
    if (rpm_check(release:"FC4", reference:"dbus-x11-0.33-3.fc4.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus / dbus-debuginfo / dbus-devel / dbus-glib / dbus-python / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-111.NASL
    descriptionSecurity fix for Bug#146765 (CVE-2005-0201) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16301
    published2005-02-03
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16301
    titleFedora Core 3 : dbus-0.22-10.FC3.2 (2005-111)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-102.NASL
    descriptionUpdated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Dan Reed discovered that a user can send and listen to messages on another user
    last seen2020-06-01
    modified2020-06-02
    plugin id18441
    published2005-06-10
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18441
    titleRHEL 4 : dbus (RHSA-2005:102)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-105.NASL
    descriptionDan Reed discovered a vulnerability in the D-BUS system for sending messages between applications. He found that a user can send and listen to messages on another user
    last seen2020-06-01
    modified2020-06-02
    plugin id18562
    published2005-06-25
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18562
    titleMandrake Linux Security Advisory : dbus (MDKSA-2005:105)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-144-1.NASL
    descriptionBesides providing the global system-wide communication bus, dbus also offers per-user
    last seen2020-06-01
    modified2020-06-02
    plugin id20537
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20537
    titleUbuntu 4.10 : dbus vulnerability (USN-144-1)

Oval

accepted2013-04-29T04:10:22.793-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionD-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
familyunix
idoval:org.mitre.oval:def:10973
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleD-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
version26

Redhat

advisories
rhsa
idRHSA-2005:102
rpms
  • dbus-0:0.22-12.EL.2
  • dbus-debuginfo-0:0.22-12.EL.2
  • dbus-devel-0:0.22-12.EL.2
  • dbus-glib-0:0.22-12.EL.2
  • dbus-python-0:0.22-12.EL.2
  • dbus-x11-0:0.22-12.EL.2