An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
Se descubrió un problema en GNOME GLib anterior a 2.78.5 y en 2.79.x y 2.80.x anterior a 2.80.1. Cuando un cliente basado en GDBus se suscribe a señales de un servicio de sistema confiable, como NetworkManager, en un ordenador compartido, otros usuarios del mismo ordenador pueden enviar señales D-Bus falsificadas que el cliente basado en GDBus interpretará erróneamente como enviadas por el mismo. servicio de sistema confiable. Esto podría provocar que el cliente basado en GDBus se comporte incorrectamente, con un impacto que depende de la aplicación.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
| Attack Vector | PHYSICAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | HIGH |
| Availability Impact | LOW |
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Type: Secondary
Exploitability Score: 0.9
Impact Score: 4.2
| Source | Type | Description |
|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-290
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| gnome | glib | * | <built-in method update of dict object at 0x702b8052cdc0> | Application |
| gnome | glib | * | <built-in method update of dict object at 0x702bfc334c80> | Application |
| debian | debian_linux | 10.0 | <built-in method update of dict object at 0x702b8344d400> | Operating System |
| fedoraproject | fedora | 39 | <built-in method update of dict object at 0x702bddae4e80> | Operating System |
| fedoraproject | fedora | 40 | <built-in method update of dict object at 0x702b8052f8c0> | Operating System |
| netapp | ontap_tools | 10 | <built-in method update of dict object at 0x702bdc51b400> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:* |