CVE-2008-4311
EPSS 0.03%
Description
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
How to fix CVE-2008-4311
To remediate CVE-2008-4311, upgrade the affected package to a fixed version below.
- Debian/dbus—upgrade to 1.2.1-5 or later
Is CVE-2008-4311 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.1-5