The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dbus | Freedesktop | 1.2.1 (including) | 1.2.1 (including) |
Dbus | Freedesktop | 1.2.3 (including) | 1.2.3 (including) |
Dbus | Freedesktop | 1.2.4 (including) | 1.2.4 (including) |
Dbus | Freedesktop | 1.2.6 (including) | 1.2.6 (including) |
Dbus | Freedesktop | 1.2.8 (including) | 1.2.8 (including) |
Dbus | Freedesktop | 1.2.10 (including) | 1.2.10 (including) |
Dbus | Freedesktop | 1.2.12 (including) | 1.2.12 (including) |
Dbus | Freedesktop | 1.2.14 (including) | 1.2.14 (including) |
Dbus | Freedesktop | 1.2.16 (including) | 1.2.16 (including) |
Dbus | Freedesktop | 1.2.18 (including) | 1.2.18 (including) |
Dbus | Freedesktop | 1.2.20 (including) | 1.2.20 (including) |
Dbus | Freedesktop | 1.2.22 (including) | 1.2.22 (including) |
Dbus | Freedesktop | 1.2.24 (including) | 1.2.24 (including) |
Dbus | Freedesktop | 1.2.26 (including) | 1.2.26 (including) |
Dbus | Ubuntu | lucid | * |
Dbus | Ubuntu | upstream | * |