dbus-1: privilege escalation
| Package(s): | dbus-1 | CVE #(s): | CVE-2014-8148 | ||||
| Created: | January 23, 2015 | Updated: | January 28, 2015 | ||||
| Description: | From the openSUSE advisory: Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls (such as CVE-2014-8148) then this prevents memory consumption and possible privilege escalation via UpdateActivationEnvironment. | ||||||
| Alerts: |
| ||||||