Solution
Please Install the Updated Packages.
Insight
dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model.
A flaw was found in the way dbus-glib filtered the message sender (message source subject) when the NameOwnerChanged signal was received. This could trick a system service using dbus-glib (such as fprintd) into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges.
(CVE-2013-0292)
All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.
Affected
dbus-glib on Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Severity
Classification
-
CVE CVE-2013-0292 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities