Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-0595

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Security Impact Summary

CVE-2008-0595 is a security vulnerability that . Impacting 4 products from fedoraproject, from mandrakesoft, from redhat and 1 other, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2008, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2008-02-29T19:44:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	fedoraproject	fedora	7	Yes
Operating System	mandrakesoft	mandrake_linux	2007	Yes
Operating System	mandrakesoft	mandrake_linux	2007.0_x86_64	Yes
Operating System	mandrakesoft	mandrake_linux	2007.1	Yes
Operating System	mandrakesoft	mandrake_linux	2007.1	Yes
Operating System	mandrakesoft	mandrake_linux	2008.0	Yes
Operating System	mandrakesoft	mandrake_linux	2008.0	Yes
Operating System	redhat	enterprise_linux	5	Yes
Operating System	redhat	enterprise_linux	5.0	Yes
Application	freedesktop	dbus	< 1.0.3	Yes
Application	freedesktop	dbus	< 1.1.20	Yes

References

http://lists.freedesktop.org/archives/dbus/2008-February/009401.html Patch, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html Third Party Advisory ([email protected])
http://secunia.com/advisories/29148 Broken Link ([email protected])
http://secunia.com/advisories/29160 Broken Link ([email protected])
http://secunia.com/advisories/29171 Broken Link ([email protected])
http://secunia.com/advisories/29173 Broken Link ([email protected])
http://secunia.com/advisories/29281 Broken Link ([email protected])
http://secunia.com/advisories/29323 Broken Link ([email protected])
http://secunia.com/advisories/30869 Broken Link ([email protected])
http://secunia.com/advisories/32281 Broken Link ([email protected])
http://securitytracker.com/id?1019512 Third Party Advisory, VDB Entry ([email protected])
http://wiki.rpath.com/Advisories:rPSA-2008-0099 Third Party Advisory ([email protected])
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099 Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1599 Third Party Advisory ([email protected])
http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/ Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:054 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0159.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/489280/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/28023 Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-653-1 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0694 Broken Link ([email protected])
https://issues.rpath.com/browse/RPL-2282 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353 Broken Link ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html Third Party Advisory ([email protected])
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29148 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29160 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29171 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29173 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29281 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29323 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30869 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32281 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1019512 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/Advisories:rPSA-2008-0099 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1599 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:054 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0159.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/489280/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28023 Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-653-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0694 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-2282 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For fedoraproject's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.