Unrated severityNVD Advisory· Published Dec 10, 2008· Updated Apr 23, 2026
CVE-2008-4311
CVE-2008-4311
Description
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
Affected products
46cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*+ 45 more
- cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*range: <=1.2.4
- cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- secunia.com/advisories/33047nvdVendor Advisory
- secunia.com/advisories/33055nvdVendor Advisory
- bugs.debian.org/cgi-bin/bugreport.cginvd
- forums.fedoraforum.org/showthread.phpnvd
- lists.freedesktop.org/archives/dbus/2008-December/010702.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.htmlnvd
- lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlnvd
- secunia.com/advisories/34360nvd
- secunia.com/advisories/34642nvd
- www.securityfocus.com/bid/32674nvd
- www.vupen.com/english/advisories/2008/3355nvd
- bugs.freedesktop.org/show_bug.cginvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/47138nvd
- www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.htmlnvd
News mentions
0No linked articles in our index yet.