The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
2013-03-05T21:38:56.227
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.2 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | freedesktop | dbus-glib | ≤ 0.100 | Yes |
| Application | freedesktop | dbus-glib | 0.72 | Yes |
| Application | freedesktop | dbus-glib | 0.73 | Yes |
| Application | freedesktop | dbus-glib | 0.74 | Yes |
| Application | freedesktop | dbus-glib | 0.76 | Yes |
| Application | freedesktop | dbus-glib | 0.78 | Yes |
| Application | freedesktop | dbus-glib | 0.80 | Yes |
| Application | freedesktop | dbus-glib | 0.82 | Yes |
| Application | freedesktop | dbus-glib | 0.84 | Yes |
| Application | freedesktop | dbus-glib | 0.86 | Yes |
| Application | freedesktop | dbus-glib | 0.88 | Yes |
| Application | freedesktop | dbus-glib | 0.90 | Yes |
| Application | freedesktop | dbus-glib | 0.92 | Yes |
| Application | freedesktop | dbus-glib | 0.94 | Yes |
| Application | freedesktop | dbus-glib | 0.96 | Yes |
| Application | freedesktop | dbus-glib | 0.98 | Yes |