Platform
linux
Component
xdg-dbus-proxy
Fixed in
0.1.8
xdg-dbus-proxy is a filtering proxy designed to manage D-Bus connections, ensuring secure communication. A vulnerability exists where the policy parser incorrectly handles policy rules, allowing attackers to bypass eavesdrop restrictions and potentially intercept sensitive D-Bus messages. This issue affects versions 0.1.0 up to, but not including, 0.1.7. The vulnerability has been resolved in version 0.1.7.
CVE-2026-34080 affects xdg-dbus-proxy, a filtering proxy for D-Bus connections. The vulnerability lies within the policy parser, which incorrectly handles the 'eavesdrop' parameter. Specifically, it allows bypassing eavesdrop restrictions if the 'eavesdrop' value in policy rules contains unexpected spaces (e.g., 'eavesdrop =true'). This allows malicious clients to intercept D-Bus messages they should not have access to, compromising the security of applications relying on D-Bus for secure communication. The severity of this vulnerability depends on the usage context of xdg-dbus-proxy and the sensitivity of the data transmitted over D-Bus. A successful attacker could potentially steal confidential information or manipulate application behavior.
Exploitation of this vulnerability requires access to a system running a vulnerable version of xdg-dbus-proxy and the ability to modify D-Bus policy rules. An attacker could create a malicious policy rule containing a space before the equals sign in the 'eavesdrop' parameter (e.g., 'eavesdrop =true'). When xdg-dbus-proxy processes this rule, it does not recognize it as an eavesdrop rule because of the space, so the eavesdrop restriction is not applied and the malicious client can eavesdrop on D-Bus messages. The difficulty of exploitation depends on the permissions required to modify D-Bus policy rules. On some systems these permissions are tightly limited, while on others they are more widely available.
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
The solution to CVE-2026-34080 is to update xdg-dbus-proxy to version 0.1.7 or higher. This version corrects the vulnerability by properly validating the 'eavesdrop' parameter in policy rules, preventing the bypass of eavesdrop restrictions. It is recommended to apply this update as soon as possible, especially on systems where xdg-dbus-proxy is used to protect communication between sensitive applications. Additionally, review existing D-Bus policy rules to ensure they do not contain unnecessary spaces around the 'eavesdrop' parameter. Monitor systems for any suspicious activity related to D-Bus after the update.
Update xdg-dbus-proxy to version 0.1.7 or higher to mitigate the vulnerability. This update corrects the incorrect handling of eavesdrop policy rules, preventing unauthorized interception of D-Bus messages.
D-Bus is an inter-process communication system used in Linux and other Unix-like operating systems.
xdg-dbus-proxy helps protect D-Bus communication by allowing only authorized applications to access certain messages.
You can check the version by running the command xdg-dbus-proxy --version in the terminal.
If you cannot update immediately, consider reviewing your D-Bus policy rules to remove any unnecessary spaces around the 'eavesdrop' parameter.
Currently, there are no specific tools to detect this vulnerability, but regular security audits of your systems are recommended.
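As an added illustration for the rule review recommended above (this is not code from xdg-dbus-proxy or from the advisory), the audit helper below parses rules written in the comma-separated key=value form used by D-Bus match rules, which is assumed here to be the format of the affected policy rules, and flags eavesdrop requests that a plain substring check of the kind described above would miss. The sample rules are constructed.

```python
import re

# Constructed sample rules: a well-formed eavesdrop rule, the whitespace
# variant the advisory describes, a quoted/spaced variant, and a benign rule.
SAMPLE_RULES = [
    "type='signal',eavesdrop=true",
    "type='signal',eavesdrop =true",
    "type='method_call', eavesdrop = 'true'",
    "type='signal',interface='org.example.Foo'",
]

# One key=value pair: optional whitespace around key, '=' and value; the value
# is either single-quoted (may contain commas) or runs up to the next comma.
PAIR = re.compile(r"\s*([A-Za-z0-9_]+)\s*=\s*('[^']*'|[^,]*?)\s*(?:,|$)")


def naive_requests_eavesdrop(rule: str) -> bool:
    """Substring check that only matches the exact spelling 'eavesdrop=true'."""
    return "eavesdrop=true" in rule


def parse_rule(rule: str) -> dict:
    """Parse a rule into a dict of normalized keys and values.

    Whitespace around keys, '=' and values is ignored and single quotes around
    values are stripped, so 'eavesdrop =true' and "eavesdrop = 'true'" both
    normalize to {'eavesdrop': 'true'}. Segments that are not key=value pairs
    are skipped (audit tool, not a strict validator).
    """
    pairs = {}
    for key, value in PAIR.findall(rule):
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1]
        pairs[key.lower()] = value.strip().lower()
    return pairs


def requests_eavesdrop(rule: str) -> bool:
    """True if the rule asks for eavesdropping, whatever the spacing/quoting."""
    return parse_rule(rule).get("eavesdrop") == "true"


def audit(rules) -> list:
    """Return rules that request eavesdropping but slip past the naive check."""
    return [r for r in rules if requests_eavesdrop(r) and not naive_requests_eavesdrop(r)]


if __name__ == "__main__":
    for rule in audit(SAMPLE_RULES):
        print("eavesdrop rule missed by naive check:", rule)
```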