Joe Vennix discovered that DBus incorrectly handled DBUSCOOKIESHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.10.6-1ubuntu3.4", "binary_name": "dbus" }, { "binary_version": "1.10.6-1ubuntu3.4", "binary_name": "dbus-tests" }, { "binary_version": "1.10.6-1ubuntu3.4", "binary_name": "dbus-user-session" }, { "binary_version": "1.10.6-1ubuntu3.4", "binary_name": "dbus-x11" }, { "binary_version": "1.10.6-1ubuntu3.4", "binary_name": "libdbus-1-3" }, { "binary_version": "1.10.6-1ubuntu3.4", "binary_name": "libdbus-1-dev" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.12.2-1ubuntu1.1", "binary_name": "dbus" }, { "binary_version": "1.12.2-1ubuntu1.1", "binary_name": "dbus-tests" }, { "binary_version": "1.12.2-1ubuntu1.1", "binary_name": "dbus-user-session" }, { "binary_version": "1.12.2-1ubuntu1.1", "binary_name": "dbus-x11" }, { "binary_version": "1.12.2-1ubuntu1.1", "binary_name": "libdbus-1-3" }, { "binary_version": "1.12.2-1ubuntu1.1", "binary_name": "libdbus-1-dev" } ] }