CVE-2013-0292

Related Files

Darklena fprintd/pam_fprintd Local Root

Posted May 30, 2014

Authored by Sebastian Krahmer

pam_fprintd local root proof of concept exploit that spawns a shell. pam_fprintd uses net.reactivated.Fprint service to trigger finger swiping and registers DBUS signal inside the PAM authentication function. Then, when the DBUS signal arrives, the signal argument is basically just checked to be the "verify-match" string; which however is expected to come from the legit net.reactivated.Fprint service. Since there is no message filter registered in either pam_fprintd, nor inside dbus-glib which it is using, such signals can be spoofed by anyone.

tags | exploit, shell, local, root, spoof, proof of concept

advisories | CVE-2013-0292

SHA-256 | d7d878eac758bfcc9a041d7672f578aa68bacf6ae2cbd54d692e6da69a937360

Download | Favorite | View

Mandriva Linux Security Advisory 2013-071

Posted Apr 8, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-071 - A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender, when the NameOwnerChanged signal was received. A local attacker could use this flaw to escalate their privileges.

tags | advisory, local

systems | linux, mandriva

advisories | CVE-2013-0292

SHA-256 | 38a7f795c9dbf85c8c9f40f7bee0e1c36b4f7c15067e9d63187d3ea2d1ae392a

Download | Favorite | View

Ubuntu Security Notice USN-1753-1

Posted Feb 27, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1753-1 - Sebastian Krahmer and Bastien Nocera discovered that DBus-GLib did not properly validate the message sender when the "NameOwnerChanged" signal was received. A local attacker could possibly use this issue to escalate their privileges.

tags | advisory, local

systems | linux, ubuntu

advisories | CVE-2013-0292

SHA-256 | 9ce1ac4e5f067377afdafd7442b6e3c1e4f0943a1f5f93e3180598e214b52378

Download | Favorite | View

Red Hat Security Advisory 2013-0568-01

Posted Feb 26, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0568-01 - dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.

tags | advisory, local

systems | linux, redhat

advisories | CVE-2013-0292

SHA-256 | f115f8f456a5b073c3c794a1f1c4435ef97f30b0ff1398b9309a9019ea8e3fac

Download | Favorite | View