GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Sep 08, 2019 7:26 pm Post subject: [ GLSA 201909-08 ] D-Bus |
 |
|
Gentoo Linux Security Advisory
Title: D-Bus: Authentication bypass (GLSA 201909-08)
Severity: normal
Exploitable: local
Date: 2019-09-08
Bug(s): #687900
ID: 201909-08
Synopsis
An authentication bypass was discovered in D-Bus.
Background
D-Bus is a message bus system which processes can use to talk to each
other.
Affected Packages
Package: sys-apps/dbus
Vulnerable: < 1.12.16
Unaffected: >= 1.12.16
Architectures: All supported architectures
Description
It was discovered that a local attacker could manipulate symbolic links
in their own home directory to bypass authentication and connect to a
DBusServer with elevated privileges.
Impact
A local attacker can bypass authentication mechanisms and elevate
privileges.
Workaround
There is no known workaround at this time.
Resolution
All D-Bus users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.12.16"
|
References
CVE-2019-12749 |
|
News & Announcements
