Vulnerability Report

CVE-2013-0292

Title: Freedesktop Dbus-Glib Auth Bypass

Auth Bypass

Proof Of Concept

PoC Available for CVE-2013-0292

CWE Category CWE-20

Published Date Mar 05, 2013

Modified Date Apr 29, 2026

Exploit Status Available

Score 7.2 CVSS v2.0

Exploit Probability (EPSS)

0.22%

Vulnerability Summary

CVE-2013-0292: The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Impacted Vendors

freedesktop 1

Reference Links

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658 http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://osvdb.org/90302 http://rhn.redhat.com/errata/RHSA-2013-0568.html http://secunia.com/advisories/52225 http://secunia.com/advisories/52375 http://secunia.com/advisories/52404 http://www.exploit-db.com/exploits/33614 http://www.mandriva.com/security/advisories?name=MDVSA-2013:071 http://www.openwall.com/lists/oss-security/2013/02/15/10 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/57985 http://www.ubuntu.com/usn/USN-1753-1 https://bugs.freedesktop.org/show_bug.cgi?id=60916 https://exchange.xforce.ibmcloud.com/vulnerabilities/82135 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658 http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://osvdb.org/90302 http://rhn.redhat.com/errata/RHSA-2013-0568.html http://secunia.com/advisories/52225 http://secunia.com/advisories/52375 http://secunia.com/advisories/52404 http://www.exploit-db.com/exploits/33614 http://www.mandriva.com/security/advisories?name=MDVSA-2013:071 http://www.openwall.com/lists/oss-security/2013/02/15/10 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/57985 http://www.ubuntu.com/usn/USN-1753-1 https://bugs.freedesktop.org/show_bug.cgi?id=60916 https://exchange.xforce.ibmcloud.com/vulnerabilities/82135

CVSS v2.0

Source Entity [email protected]

Severity HIGH

7.2

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2013-0292 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/33614

View Code

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

March 05, 2013 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.