GLSA-201909-08 : D-Bus: Authentication bypass
Low Nessus Plugin ID 128597
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201909-08 (D-Bus: Authentication bypass)
It was discovered that a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges.
A local attacker can bypass authentication mechanisms and elevate privileges.
There is no known workaround at this time.
SolutionAll D-Bus users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.12.16'