CVE-2024-34397

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-34397
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

5.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 4.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://gitlab.gnome.org/GNOME/glib/-/issues/3268
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://security.netapp.com/advisory/ntap-20240531-0008/
https://www.openwall.com/lists/oss-security/2024/05/07/5
Configurations

No configuration.

History

15 Nov 2024, 18:35

Type Values Removed Values Added
CWE CWE-290
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.2

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ -
  • () https://security.netapp.com/advisory/ntap-20240531-0008/ -
Summary
  • (es) Se descubrió un problema en GNOME GLib anterior a 2.78.5 y en 2.79.x y 2.80.x anterior a 2.80.1. Cuando un cliente basado en GDBus se suscribe a señales de un servicio de sistema confiable, como NetworkManager, en un ordenador compartido, otros usuarios del mismo ordenador pueden enviar señales D-Bus falsificadas que el cliente basado en GDBus interpretará erróneamente como enviadas por el mismo. servicio de sistema confiable. Esto podría provocar que el cliente basado en GDBus se comporte incorrectamente, con un impacto que depende de la aplicación.

07 May 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-07 18:15

Updated : 2024-11-15 18:35

NVD link : CVE-2024-34397

Mitre link : CVE-2024-34397

CVE.ORG link : CVE-2024-34397

JSON object : View

Products Affected

No product.

CWE
CWE-290

Authentication Bypass by Spoofing