suse · CVE-2008-0595

Quick triage

Priority: medium Published: 2021-05-30 12:41:38 UTC Updated: 2026-04-18 20:29:11 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2008-0595 severity moderate: SUSE including 47 source package names (dbus-1, dbus-1-1.12.20-5.5, …), 53 product×package rows across 14 product lines (SUSE Linux Enterprise Module for Basesystem 15 SP4, SUSE Linux Enterprise Point of Service 11 SP3, … (14 product lines)): Fixed 41, Known Not Affected 12.

Description:

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

cvelogic Threat Intelligence