Vulnerabilities > CVE-2008-4311 - Configuration vulnerability in Freedesktop Dbus

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
freedesktop
CWE-16
nessus
NVD
Published: 2008-12-10
Updated: 2024-11-21

Summary

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

Vulnerable Configurations

Part Description Count
Application
Freedesktop
63

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_HAL-090205.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id39981
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39981
    titleopenSUSE Security Update : hal (hal-501)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_DBUS-1-090204.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id40210
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40210
    titleopenSUSE Security Update : dbus-1 (dbus-1-488)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_POLICYKIT-090203.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id39901
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39901
    titleopenSUSE Security Update : PolicyKit (PolicyKit-494)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-10907.NASL
    descriptionA system restart is required for this update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35047
    published2008-12-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35047
    titleFedora 9 : dbus-1.2.6-1.fc9 (2008-10907)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_HAL-090205.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id40231
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40231
    titleopenSUSE Security Update : hal (hal-501)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_DBUS-1-090402.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied. (CVE-2008-4311) The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. With the previous update wireless networking didn
    last seen2020-06-01
    modified2020-06-02
    plugin id41382
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41382
    titleSuSE 11 Security Update : dbus (SAT Patch Number 726)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_DBUS-1-090402.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. With the previous update wireless networking didn
    last seen2020-06-01
    modified2020-06-02
    plugin id40211
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40211
    titleopenSUSE Security Update : dbus-1 (dbus-1-717)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_HAL-090313.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id39982
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39982
    titleopenSUSE Security Update : hal (hal-620)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_BLUEZ-AUDIO-090417.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. The previous bluez update caused problems with the bluez passkey agent. This second update fixes this.
    last seen2020-06-01
    modified2020-06-02
    plugin id39924
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39924
    titleopenSUSE Security Update : bluez-audio (bluez-audio-802)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_BLUEZ-CUPS-6118.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id36016
    published2009-03-25
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36016
    titleopenSUSE 10 Security Update : bluez-cups (bluez-cups-6118)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_HAL-6085.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id35956
    published2009-03-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35956
    titleopenSUSE 10 Security Update : hal (hal-6085)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_HAL-6036.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied. (CVE-2008-4311) The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. Additionally a bug in hal that allowed users to crash the hal daemon has been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id41520
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41520
    titleSuSE 10 Security Update : hal (ZYPP Patch Number 6036)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_CONSOLEKIT-090312.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id40163
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40163
    titleopenSUSE Security Update : ConsoleKit (ConsoleKit-596)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_PACKAGEKIT-090204.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id39900
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39900
    titleopenSUSE Security Update : PackageKit (PackageKit-495)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_HAL-090402.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services like hal break due to this setting and need an updated configuration as well. The dbus configuration in the previous hal update was incomplete so this is the second attempt to fix the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id39983
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39983
    titleopenSUSE Security Update : hal (hal-721)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_BLUEZ-AUDIO-6197.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. The previous bluez update caused problems with the bluez passkey agent. This second update fixes this.
    last seen2020-06-01
    modified2020-06-02
    plugin id36200
    published2009-04-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36200
    titleopenSUSE 10 Security Update : bluez-audio (bluez-audio-6197)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_POLICYKIT-090203.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id40181
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40181
    titleopenSUSE Security Update : PolicyKit (PolicyKit-494)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_BLUEZ-AUDIO-090320.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id39923
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39923
    titleopenSUSE Security Update : bluez-audio (bluez-audio-671)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_GNOME-PANEL-090408.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id40223
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40223
    titleopenSUSE Security Update : gnome-panel (gnome-panel-753)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_CONSOLEKIT-090312.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id39877
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39877
    titleopenSUSE Security Update : ConsoleKit (ConsoleKit-596)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_DBUS-1-5972.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id35955
    published2009-03-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35955
    titleopenSUSE 10 Security Update : dbus-1 (dbus-1-5972)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-10733.NASL
    descriptionA system restart is required for this update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37165
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37165
    titleFedora 10 : dbus-1.2.6-1.fc10 (2008-10733)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_DBUS-1-5969.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied. (CVE-2008-4311) The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id41500
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41500
    titleSuSE 10 Security Update : dbus (ZYPP Patch Number 5969)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_HAL-6037.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id35922
    published2009-03-13
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35922
    titleopenSUSE 10 Security Update : hal (hal-6037)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-750.NASL
    description6 vulnerabilities were discovered for the dbus-1 and dbus-1-x11 packages in openSUSE versions 11.4, 12.1, and 12.2.
    last seen2020-06-05
    modified2014-06-13
    plugin id74795
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74795
    titleopenSUSE Security Update : dbus-1 / dbus-1-x11 (openSUSE-SU-2012:1418-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_DBUS-1-090129.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id39948
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39948
    titleopenSUSE Security Update : dbus-1 (dbus-1-488)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_HAL-6098.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id35986
    published2009-03-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35986
    titleopenSUSE 10 Security Update : hal (hal-6098)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_PACKAGEKIT-090203.NASL
    descriptionThe dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id40180
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40180
    titleopenSUSE Security Update : PackageKit (PackageKit-495)

References