CVE-2013-0292

Exp

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Published: 2013-03-05 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2013-0292 is rated High Exploit Risk (66/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.09%). 2 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2013-0292

EDB-ID Source Kind Published Link
33614 exploit_db edb 2014-06-02 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2013-0292

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.22% 1.09% +0.87%
2 2026-02-20 0.27% 0.22% -0.04%
3 2025-12-07 0.27%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-0292

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.2 2.0 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 3.9 10.0 [email protected]

Weakness enumeration for CVE-2013-0292

OS Trackers for CVE-2013-0292

vendor priority summary link
debian high CVE-2013-0292 high priority: Debian including 1 source packages (dbus-glib), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2013-0292
redhat high https://access.redhat.com/security/cve/CVE-2013-0292
suse high https://www.suse.com/security/cve/CVE-2013-0292/
ubuntu medium CVE-2013-0292 medium priority: Ubuntu including 1 source packages (dbus-glib), 6 status rows across 6 suites (hardy, lucid, oneiric, precise, quantal, upstream): released 5, ignored 1. https://ubuntu.com/security/CVE-2013-0292

Affected software / configurations for CVE-2013-0292

Vendor Product Version Raw CPE
freedesktop dbus-glib <= 0.100 cpe:2.3:a:freedesktop:dbus-glib:*:*:*:*:*:*:*:*
freedesktop dbus-glib 0.72 cpe:2.3:a:freedesktop:dbus-glib:0.72:*:*:*:*:*:*:*
freedesktop dbus-glib 0.73 cpe:2.3:a:freedesktop:dbus-glib:0.73:*:*:*:*:*:*:*
freedesktop dbus-glib 0.74 cpe:2.3:a:freedesktop:dbus-glib:0.74:*:*:*:*:*:*:*
freedesktop dbus-glib 0.76 cpe:2.3:a:freedesktop:dbus-glib:0.76:*:*:*:*:*:*:*
freedesktop dbus-glib 0.78 cpe:2.3:a:freedesktop:dbus-glib:0.78:*:*:*:*:*:*:*
freedesktop dbus-glib 0.80 cpe:2.3:a:freedesktop:dbus-glib:0.80:*:*:*:*:*:*:*
freedesktop dbus-glib 0.82 cpe:2.3:a:freedesktop:dbus-glib:0.82:*:*:*:*:*:*:*
freedesktop dbus-glib 0.84 cpe:2.3:a:freedesktop:dbus-glib:0.84:*:*:*:*:*:*:*
freedesktop dbus-glib 0.86 cpe:2.3:a:freedesktop:dbus-glib:0.86:*:*:*:*:*:*:*
freedesktop dbus-glib 0.88 cpe:2.3:a:freedesktop:dbus-glib:0.88:*:*:*:*:*:*:*
freedesktop dbus-glib 0.90 cpe:2.3:a:freedesktop:dbus-glib:0.90:*:*:*:*:*:*:*
freedesktop dbus-glib 0.92 cpe:2.3:a:freedesktop:dbus-glib:0.92:*:*:*:*:*:*:*
freedesktop dbus-glib 0.94 cpe:2.3:a:freedesktop:dbus-glib:0.94:*:*:*:*:*:*:*
freedesktop dbus-glib 0.96 cpe:2.3:a:freedesktop:dbus-glib:0.96:*:*:*:*:*:*:*
freedesktop dbus-glib 0.98 cpe:2.3:a:freedesktop:dbus-glib:0.98:*:*:*:*:*:*:*

References for CVE-2013-0292

URL Tags
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658
http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca Exploit Patch
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://osvdb.org/90302
http://rhn.redhat.com/errata/RHSA-2013-0568.html
http://secunia.com/advisories/52225 Vendor Advisory
http://secunia.com/advisories/52375
http://secunia.com/advisories/52404 Vendor Advisory
http://www.exploit-db.com/exploits/33614
http://www.mandriva.com/security/advisories?name=MDVSA-2013:071
http://www.openwall.com/lists/oss-security/2013/02/15/10
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/57985
http://www.ubuntu.com/usn/USN-1753-1
https://bugs.freedesktop.org/show_bug.cgi?id=60916
https://exchange.xforce.ibmcloud.com/vulnerabilities/82135
cvelogic Threat Intelligence