CVE 2008-4311
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_
Related bugs and status
CVE-2008-4311 (Candidate) is related to these bugs:
Bug #43644: time-admin shows different time zone when it is restarted
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 43644 | time-admin shows different time zone when it is restarted | gnome-system-tools (Ubuntu) | Medium | Invalid | ||
| 43644 | time-admin shows different time zone when it is restarted | tzdata (Ubuntu) | Undecided | Invalid | ||
| 43644 | time-admin shows different time zone when it is restarted | GST | Undecided | Invalid | ||
| 43644 | time-admin shows different time zone when it is restarted | system-tools-backends (Ubuntu) | Undecided | Fix Released | ||
| 43644 | time-admin shows different time zone when it is restarted | system-tools-backends | Low | Fix Released | ||
| 43644 | time-admin shows different time zone when it is restarted | gnome-system-tools (Debian) | Undecided | Invalid | ||
| 43644 | time-admin shows different time zone when it is restarted | system-tools-backends (Debian) | Unknown | Fix Released | ||
Bug #306362: Default D-Bus system bus policy is allow
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 306362 | Default D-Bus system bus policy is allow | dbus (Ubuntu) | Critical | Fix Released | ||
| 306362 | Default D-Bus system bus policy is allow | D-Bus | Medium | Fix Released | ||
| 306362 | Default D-Bus system bus policy is allow | dbus (Debian) | Unknown | Fix Released | ||
| 306362 | Default D-Bus system bus policy is allow | dbus (Fedora) | Medium | Fix Released | ||
Bug #314985: Please merge policykit_0.9-2(main) from debian unstable
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 314985 | Please merge policykit_0.9-2(main) from debian unstable | policykit (Ubuntu) | Undecided | Fix Released | ||
Bug #318751: D-Bus Policy needs checking
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 318751 | D-Bus Policy needs checking | system-tools-backends (Ubuntu) | Undecided | Fix Released | ||
| 318751 | D-Bus Policy needs checking | system-tools-backends (Debian) | Unknown | Fix Released | ||
Bug #318775: D-Bus Policy needs checking
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 318775 | D-Bus Policy needs checking | devicekit-power (Ubuntu) | Undecided | Fix Released | ||
Bug #371234: system::admin::services is broken in karmic (says platform is unsupported)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 371234 | system::admin::services is broken in karmic (says platform is unsupported) | system-tools-backends (Ubuntu) | High | Fix Released | ||
| 371234 | system::admin::services is broken in karmic (says platform is unsupported) | system-tools-backends (Ubuntu Karmic) | High | Fix Released | ||
| 371234 | system::admin::services is broken in karmic (says platform is unsupported) | system-tools-backends | Critical | Unknown | ||
See the 
CVE page on Mitre.org
for more details.
