CVE-2013-0292: dbus-gproxy: Verify sender of NameOwnerChanged signals to be o.f.DBus - dbus/dbus-glib - Glib bindings for D-Bus lightweight IPC mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus-glib)

diff options

author	Colin Walters <walters@verbum.org>	2013-02-14 10:19:34 -0500
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-02-15 16:58:42 +0000
commit	166978a09cf5edff4028e670b6074215a4c75eca (patch)
tree	58ce00e3a26a63ffb1af3f2189dcf6122d88f25f /Android.mk
parent	c6cbdf9ed99f82983dd529319475dd02c53ad2aa (diff)

CVE-2013-0292: dbus-gproxy: Verify sender of NameOwnerChanged signals to be o.f.DBus

Anyone can hop on the bus and emit a signal whose interface is o.f.DBus; it's expected at the moments that clients (and notably DBus libraries) check the sender. This could previously be used to trick a system service using dbus-glib into thinking a malicious signal came from a privileged source, by claiming that ownership of the privileged source's well-known name had changed from the privileged source's real unique name to the attacker's unique name. [altered to be NULL-safe so it won't crash on peer connections -smcv] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Diffstat (limited to 'Android.mk')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: