Xdg Dbus Proxy
Monthly
Policy parser vulnerability in xdg-dbus-proxy prior to 0.1.7 allows authenticated local users to bypass eavesdrop restrictions and intercept D-Bus messages by exploiting improper whitespace handling in policy rule parsing. The proxy fails to normalize eavesdrop policy directives, permitting attackers to craft malformed policies (e.g., eavesdrop ='true' with spacing variations) that evade the eavesdrop=true access control checks. No public exploit code has been identified at time of analysis.
Policy parser vulnerability in xdg-dbus-proxy prior to 0.1.7 allows authenticated local users to bypass eavesdrop restrictions and intercept D-Bus messages by exploiting improper whitespace handling in policy rule parsing. The proxy fails to normalize eavesdrop policy directives, permitting attackers to craft malformed policies (e.g., eavesdrop ='true' with spacing variations) that evade the eavesdrop=true access control checks. No public exploit code has been identified at time of analysis.