Vigil@nce: DBus-GLib, modification of property
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can change read-only properties of DBus-GLib and
of the applications that use it.
– Severity: 2/4
– Creation date: 23/11/2010
DESCRIPTION OF THE VULNERABILITY
Local applications use the D-Bus system to communicate. The
DBus-GLib library is an implementation of D-Bus for GNOME
environments. The DeviceKit-Power, ModemManager and NetworkManager
services use DBus-GLib.
Properties of D-Bus objects can be declared read-only. For
example, the "Ip4Address" property of NetworkManager is read-only.
However, DBus-GLib does not enforce this restriction, so the
property can still be modified.
A local attacker can therefore change read-only properties of
DBus-GLib and of the applications that use it.
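An added example, not code from DBus-GLib or from this bulletin: a Python model of a property Set handler that reads the access flags from D-Bus introspection XML, with the unchecked behaviour described above next to a checked version. The interface name org.example.Device, the "Label" property and all class and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed introspection data in the standard D-Bus introspection format.
# "org.example.Device" and "Label" are made up; "Ip4Address" is the bulletin's example.
INTROSPECTION_XML = """
<node>
  <interface name="org.example.Device">
    <property name="Ip4Address" type="u" access="read"/>
    <property name="Label" type="s" access="readwrite"/>
  </interface>
</node>
"""

class PropertyError(Exception):
    """Carries the D-Bus error name a service would return to the caller."""
    def __init__(self, dbus_name, message):
        super().__init__(message)
        self.dbus_name = dbus_name

def load_access_map(xml_text):
    """Map (interface, property) -> declared access: read, write or readwrite."""
    access = {}
    for iface in ET.fromstring(xml_text).iter("interface"):
        for prop in iface.iter("property"):
            access[(iface.get("name"), prop.get("name"))] = prop.get("access")
    return access

class PropertyStore:
    """Hypothetical stand-in for the object that backs a service's properties."""
    def __init__(self, xml_text, initial):
        self.access = load_access_map(xml_text)
        self.values = dict(initial)

    def set_unchecked(self, iface, name, value):
        """Flawed behaviour described in the bulletin: access is never consulted."""
        self.values[(iface, name)] = value

    def set_checked(self, iface, name, value):
        """Hardened Set: unknown and non-writable properties are rejected."""
        declared = self.access.get((iface, name))
        if declared is None:
            raise PropertyError("org.freedesktop.DBus.Error.InvalidArgs",
                                f"no such property {iface}.{name}")
        if declared not in ("write", "readwrite"):
            raise PropertyError("org.freedesktop.DBus.Error.AccessDenied",
                                f"{iface}.{name} is declared access={declared!r}")
        self.values[(iface, name)] = value
```

The check belongs in the code path that dispatches Set, so that every service built on the binding gets it without per-application changes.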
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/DBus-GLib-modification-of-property-10144