IM
IronMonkey Threat Research

CVE-2024-34397 MEDIUM

Published: 2024-05-07 | Last Modified: 2026-05-12 | Status: Modified

Description

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

Additional Descriptions (1)

Se descubrió un problema en GNOME GLib anterior a 2.78.5 y en 2.79.x y 2.80.x anterior a 2.80.1. Cuando un cliente basado en GDBus se suscribe a señales de un servicio de sistema confiable, como NetworkManager, en un ordenador compartido, otros usuarios del mismo ordenador pueden enviar señales D-Bus falsificadas que el cliente basado en GDBus interpretará erróneamente como enviadas por el mismo. servicio de sistema confiable. Esto podría provocar que el cliente basado en GDBus se comporte incorrectamente, con un impacto que depende de la aplicación.

CVSS Metrics

Base Score: 5.2 (MEDIUM)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Attack VectorPHYSICAL
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactHIGH
Availability ImpactLOW

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 0.9

Impact Score: 4.2

Weaknesses

Source Type Description
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-290

Affected Products

Vendor Product Version Update Type
gnome glib * <built-in method update of dict object at 0x702b8052cdc0> Application
gnome glib * <built-in method update of dict object at 0x702bfc334c80> Application
debian debian_linux 10.0 <built-in method update of dict object at 0x702b8344d400> Operating System
fedoraproject fedora 39 <built-in method update of dict object at 0x702bddae4e80> Operating System
fedoraproject fedora 40 <built-in method update of dict object at 0x702b8052f8c0> Operating System
netapp ontap_tools 10 <built-in method update of dict object at 0x702bdc51b400> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*

References

Notification
Message here