DATABASE RESOURCES PRICING ABOUT US

{"id": "FEDORA_2011-9891.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 15 : dbus-1.4.6-5.fc15 (2011-9891)", "description": "- Merge fixes from upstream for CVE-2011-2200\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-02T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/55754", "reporter": "This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?5ff962a4", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2200", "https://bugzilla.redhat.com/show_bug.cgi?id=712678"], "cvelist": ["CVE-2011-2200"], "immutableFields": [], "lastseen": "2021-08-19T13:00:09", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2011:1132"]}, {"type": "cve", "idList": ["CVE-2011-2200"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-2200"]}, {"type": "fedora", "idList": ["FEDORA:74E95110694", "FEDORA:CD13F110B78"]}, {"type": "gentoo", "idList": ["GLSA-201110-14"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2011-1132.NASL", "FEDORA_2011-9817.NASL", "GENTOO_GLSA-201110-14.NASL", "ORACLELINUX_ELSA-2011-1132.NASL", "REDHAT-RHSA-2011-1132.NASL", "SL_20110809_DBUS_ON_SL5_X.NASL", "SUSE_11_3_DBUS-1-110805.NASL", "SUSE_11_4_DBUS-1-110805.NASL", "SUSE_11_DBUS-1-110628.NASL", "SUSE_DBUS-1-7592.NASL", "SUSE_DBUS-1-7593.NASL", "UBUNTU_USN-1176-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122112", "OPENVAS:136141256231070777", "OPENVAS:1361412562310840713", "OPENVAS:1361412562310863400", "OPENVAS:1361412562310863416", "OPENVAS:1361412562310870464", "OPENVAS:1361412562310880994", "OPENVAS:1361412562310881446", "OPENVAS:70777", "OPENVAS:840713", "OPENVAS:863400", "OPENVAS:863416", "OPENVAS:870464", "OPENVAS:880994", "OPENVAS:881446"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1132", "ELSA-2012-1261"]}, {"type": "redhat", "idList": ["RHSA-2011:1132"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26750", "SECURITYVULNS:DOC:27214", "SECURITYVULNS:VULN:11820"]}, {"type": "ubuntu", "idList": ["USN-1176-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-2200"]}], "rev": 4}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2011:1132"]}, {"type": "cve", "idList": ["CVE-2011-2200"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-2200"]}, {"type": "fedora", "idList": ["FEDORA:74E95110694"]}, {"type": "nessus", "idList": ["FEDORA_2011-9817.NASL", "REDHAT-RHSA-2011-1132.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:70777"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1132", "ELSA-2012-1261"]}, {"type": "redhat", "idList": ["RHSA-2011:1132"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27214"]}, {"type": "ubuntu", "idList": ["USN-1176-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-2200"]}]}, "exploitation": null, "vulnersScore": 5.4}, "pluginID": "55754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9891.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55754);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"FEDORA\", value:\"2011-9891\");\n\n script_name(english:\"Fedora 15 : dbus-1.4.6-5.fc15 (2011-9891)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Merge fixes from upstream for CVE-2011-2200\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=712678\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063294.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ff962a4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"dbus-1.4.6-5.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:dbus", "cpe:/o:fedoraproject:fedora:15"], "solution": "Update the affected dbus package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2011-07-31T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2021-08-19T12:59:56", "description": "- Merge fixes from upstream for CVE-2011-2200\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-08-15T00:00:00", "type": "nessus", "title": "Fedora 14 : dbus-1.4.0-3.fc14 (2011-9817)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:dbus", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-9817.NASL", "href": "https://www.tenable.com/plugins/nessus/55844", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9817.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55844);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"FEDORA\", value:\"2011-9817\");\n\n script_name(english:\"Fedora 14 : dbus-1.4.0-3.fc14 (2011-9817)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Merge fixes from upstream for CVE-2011-2200\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=712678\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063731.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5cc0c6db\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"dbus-1.4.0-3.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:49", "description": "D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : dbus on SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110809_DBUS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61107", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61107);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"Scientific Linux Security Update : dbus on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"D-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=1276\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eaf8c547\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"dbus-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dbus-devel-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dbus-libs-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dbus-devel-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dbus-libs-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:33", "description": "This update fixes the security issue that local users could disconnect system daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : dbus-1 (ZYPP Patch Number 7592)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_DBUS-1-7592.NASL", "href": "https://www.tenable.com/plugins/nessus/57178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57178);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"SuSE 10 Security Update : dbus-1 (ZYPP Patch Number 7592)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the security issue that local users could disconnect\nsystem daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2200.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7592.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-devel-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-glib-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-gtk-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-mono-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-python-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-qt3-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-qt3-devel-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-x11-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-devel-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-glib-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-gtk-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-java-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-mono-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-python-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-qt3-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-qt3-devel-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-x11-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.31.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:43", "description": "local users could disconnect system daemons from the bus by sending specially crafted messages (CVE-2011-2200).", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : dbus-1 (openSUSE-SU-2011:0880-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:dbus-1", "p-cpe:/a:novell:opensuse:dbus-1-32bit", "p-cpe:/a:novell:opensuse:dbus-1-devel", "p-cpe:/a:novell:opensuse:dbus-1-devel-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_DBUS-1-110805.NASL", "href": "https://www.tenable.com/plugins/nessus/75461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update dbus-1-4962.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75461);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"openSUSE Security Update : dbus-1 (openSUSE-SU-2011:0880-1)\");\n script_summary(english:\"Check for the dbus-1-4962 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"local users could disconnect system daemons from the bus by sending\nspecially crafted messages (CVE-2011-2200).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dbus-1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"dbus-1-1.2.24-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"dbus-1-devel-1.2.24-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.24-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"dbus-1-devel-32bit-1.2.24-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus-1 / dbus-1-32bit / dbus-1-devel / dbus-1-devel-32bit\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:00:05", "description": "It was discovered that DBus did not properly validate the byte order of messages under certain circumstances. An attacker could exploit this to cause a denial of service via application crash or potentially obtain access to sensitive information.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-07-27T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : dbus vulnerability (USN-1176-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:dbus", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1176-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55700", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1176-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55700);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"USN\", value:\"1176-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : dbus vulnerability (USN-1176-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that DBus did not properly validate the byte order\nof messages under certain circumstances. An attacker could exploit\nthis to cause a denial of service via application crash or potentially\nobtain access to sensitive information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1176-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"dbus\", pkgver:\"1.1.20-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"dbus\", pkgver:\"1.2.16-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"dbus\", pkgver:\"1.4.0-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"dbus\", pkgver:\"1.4.6-1ubuntu6.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:00:07", "description": "Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2011-08-10T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : dbus (RHSA-2011:1132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:dbus", "p-cpe:/a:redhat:enterprise_linux:dbus-debuginfo", "p-cpe:/a:redhat:enterprise_linux:dbus-devel", "p-cpe:/a:redhat:enterprise_linux:dbus-doc", "p-cpe:/a:redhat:enterprise_linux:dbus-libs", "p-cpe:/a:redhat:enterprise_linux:dbus-x11", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/55809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1132. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55809);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"RHSA\", value:\"2011:1132\");\n\n script_name(english:\"RHEL 5 / 6 : dbus (RHSA-2011:1132)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1132\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1132\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-devel-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-libs-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dbus-debuginfo-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dbus-devel-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dbus-doc-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dbus-libs-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-debuginfo / dbus-devel / dbus-doc / dbus-libs / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:34", "description": "local users could disconnect system daemons from the bus by sending specially crafted messages (CVE-2011-2200).", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : dbus-1 (openSUSE-SU-2011:0880-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:dbus-1", "p-cpe:/a:novell:opensuse:dbus-1-32bit", "p-cpe:/a:novell:opensuse:dbus-1-debuginfo", "p-cpe:/a:novell:opensuse:dbus-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:dbus-1-debugsource", "p-cpe:/a:novell:opensuse:dbus-1-devel", "p-cpe:/a:novell:opensuse:dbus-1-devel-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_DBUS-1-110805.NASL", "href": "https://www.tenable.com/plugins/nessus/75812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update dbus-1-4962.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75812);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"openSUSE Security Update : dbus-1 (openSUSE-SU-2011:0880-1)\");\n script_summary(english:\"Check for the dbus-1-4962 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"local users could disconnect system daemons from the bus by sending\nspecially crafted messages (CVE-2011-2200).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dbus-1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"dbus-1-1.4.1-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"dbus-1-debuginfo-1.4.1-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"dbus-1-debugsource-1.4.1-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"dbus-1-devel-1.4.1-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"dbus-1-32bit-1.4.1-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"dbus-1-debuginfo-32bit-1.4.1-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"dbus-1-devel-32bit-1.4.1-7.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus-1 / dbus-1-32bit / dbus-1-devel / dbus-1-devel-32bit / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:00:21", "description": "This update fixes the security issue that local users could disconnect system daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)", "cvss3": {"score": null, "vector": null}, "published": "2011-07-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : dbus-1 (SAT Patch Number 4799)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:dbus-1", "p-cpe:/a:novell:suse_linux:11:dbus-1-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_DBUS-1-110628.NASL", "href": "https://www.tenable.com/plugins/nessus/55587", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55587);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"SuSE 11.1 Security Update : dbus-1 (SAT Patch Number 4799)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the security issue that local users could disconnect\nsystem daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2200.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4799.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:dbus-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:dbus-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"dbus-1-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"dbus-1-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"dbus-1-32bit-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.10-3.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:00:18", "description": "This update fixes the security issue that local users could disconnect system daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)", "cvss3": {"score": null, "vector": null}, "published": "2011-07-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : dbus-1 (ZYPP Patch Number 7593)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_DBUS-1-7593.NASL", "href": "https://www.tenable.com/plugins/nessus/55588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55588);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"SuSE 10 Security Update : dbus-1 (ZYPP Patch Number 7593)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the security issue that local users could disconnect\nsystem daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2200.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7593.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-devel-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-glib-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-gtk-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-java-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-mono-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-python-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-qt3-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-qt3-devel-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-x11-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.31.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:53:32", "description": "From Red Hat Security Advisory 2011:1132 :\n\nUpdated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : dbus (ELSA-2011-1132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:dbus", "p-cpe:/a:oracle:linux:dbus-devel", "p-cpe:/a:oracle:linux:dbus-doc", "p-cpe:/a:oracle:linux:dbus-libs", "p-cpe:/a:oracle:linux:dbus-x11", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/68321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1132 and \n# Oracle Linux Security Advisory ELSA-2011-1132 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68321);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"RHSA\", value:\"2011:1132\");\n\n script_name(english:\"Oracle Linux 5 / 6 : dbus (ELSA-2011-1132)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1132 :\n\nUpdated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002269.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002270.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"dbus-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-devel-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-libs-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dbus-devel-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dbus-doc-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dbus-libs-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-devel / dbus-doc / dbus-libs / dbus-x11\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:45", "description": "Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : dbus (CESA-2011:1132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:dbus", "p-cpe:/a:centos:centos:dbus-devel", "p-cpe:/a:centos:centos:dbus-libs", "p-cpe:/a:centos:centos:dbus-x11", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/56269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1132 and \n# CentOS Errata and Security Advisory 2011:1132 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56269);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"RHSA\", value:\"2011:1132\");\n\n script_name(english:\"CentOS 5 : dbus (CESA-2011:1132)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5834bca9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017795.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?328276fc\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000238.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d130dc2c\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000239.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5ee7d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-devel-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-libs-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-devel / dbus-libs / dbus-x11\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:40", "description": "The remote host is affected by the vulnerability described in GLSA-201110-14 (D-Bus: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details.\n Impact :\n\n The vulnerabilities allow for local Denial of Service (daemon crash), or arbitrary file overwriting.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-24T00:00:00", "type": "nessus", "title": "GLSA-201110-14 : D-Bus: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4352", "CVE-2011-2200", "CVE-2011-2533"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:dbus", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201110-14.NASL", "href": "https://www.tenable.com/plugins/nessus/56589", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-14.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56589);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_bugtraq_id(45377, 48216, 48460);\n script_xref(name:\"GLSA\", value:\"201110-14\");\n\n script_name(english:\"GLSA-201110-14 : D-Bus: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-14\n(D-Bus: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in D-Bus. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow for local Denial of Service (daemon crash), or\n arbitrary file overwriting.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All D-Bus users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/dbus\", unaffected:make_list(\"ge 1.4.12\"), vulnerable:make_list(\"lt 1.4.12\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"D-Bus\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T18:36:42", "description": "D-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nA denial of service flaw was found in the way the D-Bus library handled\nendianness conversion when receiving messages. A local user could use this\nflaw to send a specially-crafted message to dbus-daemon or to a service\nusing the bus, such as Avahi or NetworkManager, possibly causing the\ndaemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. For the update to take effect, all\nrunning instances of dbus-daemon and all running applications using the\nlibdbus library must be restarted, or the system rebooted.\n", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "redhat", "title": "(RHSA-2011:1132) Moderate: dbus security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2200"], "modified": "2018-06-06T16:24:13", "id": "RHSA-2011:1132", "href": "https://access.redhat.com/errata/RHSA-2011:1132", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "description": "==========================================================================\r\nUbuntu Security Notice USN-1176-1\r\nJuly 26, 2011\r\n\r\ndbus vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nDBus could be made to crash if it processed a specially crafted message.\r\n\r\nSoftware Description:\r\n- dbus: simple interprocess messaging system\r\n\r\nDetails:\r\n\r\nIt was discovered that DBus did not properly validate the byte order of\r\nmessages under certain circumstances. An attacker could exploit this to\r\ncause a denial of service via application crash or potentially obtain\r\naccess to sensitive information.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n dbus 1.4.6-1ubuntu6.1\r\n\r\nUbuntu 10.10:\r\n dbus 1.4.0-0ubuntu1.3\r\n\r\nUbuntu 10.04 LTS:\r\n dbus 1.2.16-2ubuntu4.3\r\n\r\nUbuntu 8.04 LTS:\r\n dbus 1.1.20-1ubuntu3.5\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1176-1\r\n CVE-2011-2200\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/dbus/1.4.6-1ubuntu6.1\r\n https://launchpad.net/ubuntu/+source/dbus/1.4.0-0ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/dbus/1.2.16-2ubuntu4.3\r\n https://launchpad.net/ubuntu/+source/dbus/1.1.20-1ubuntu3.5\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2011-08-01T00:00:00", "title": "[USN-1176-1] DBus vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26750", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:52:45", "description": "Byteorder is not checked in some messages.", "edition": 2, "cvss3": {}, "published": "2011-08-01T00:00:00", "title": "Linux DBus DoS", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11820", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11820", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 201110-14\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: D-Bus: Multiple vulnerabilities\r\n Date: October 21, 2011\r\n Bugs: #348766, #371261, #372743\r\n ID: 201110-14\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple vulnerabilities were found in D-Bus, the worst of which\r\nallowing for a symlink attack.\r\n\r\nBackground\r\n==========\r\n\r\nD-Bus is a message bus system, a simple way for applications to talk to\r\neach other.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 sys-apps/dbus &lt; 1.4.12 &gt;= 1.4.12\r\n\r\nDescription\r\n===========\r\n\r\nMultiple vulnerabilities have been discovered in D-Bus. Please review\r\nthe CVE identifiers referenced below for details.\r\n\r\nImpact\r\n======\r\n\r\nThe vulnerabilities allow for local Denial of Service &#40;daemon crash&#41;,\r\nor arbitrary file overwriting.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll D-Bus users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose &quot;&gt;=sys-apps/dbus-1.4.12&quot;\r\n\r\nReferences\r\n==========\r\n\r\n[ 1 ] CVE-2010-4352\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4352\r\n[ 2 ] CVE-2011-2200\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2200\r\n[ 3 ] CVE-2011-2533\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2533\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-201110-14.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users&#39; machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttps://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2011 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner&#40;s&#41;.\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-26T00:00:00", "title": "[ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "modified": "2011-10-26T00:00:00", "id": "SECURITYVULNS:DOC:27214", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27214", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:39:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Fedora Update for dbus FEDORA-2011-9891", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dbus FEDORA-2011-9891\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063294.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-9891\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"Fedora Update for dbus FEDORA-2011-9891\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"dbus on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.4.6~5.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for dbus CESA-2011:1132 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880994", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880994", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2011:1132 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017794.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880994\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1132\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"CentOS Update for dbus CESA-2011:1132 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"dbus on CentOS 5\");\n script_tag(name:\"insight\", value:\"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for dbus CESA-2011:1132 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881446", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881446", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2011:1132 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017795.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881446\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:53:00 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2200\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1132\");\n script_name(\"CentOS Update for dbus CESA-2011:1132 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"dbus on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:22", "description": "Check for the Version of dbus", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for dbus CESA-2011:1132 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880994", "href": "http://plugins.openvas.org/nasl.php?oid=880994", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2011:1132 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"dbus on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017794.html\");\n script_id(880994);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1132\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"CentOS Update for dbus CESA-2011:1132 centos5 i386\");\n\n script_summary(\"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "RedHat Update for dbus RHSA-2011:1132-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870464", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dbus RHSA-2011:1132-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870464\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1132-01\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"RedHat Update for dbus RHSA-2011:1132-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"dbus on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-debuginfo\", rpm:\"dbus-debuginfo~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:26:51", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1176-1", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for dbus USN-1176-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840713", "href": "http://plugins.openvas.org/nasl.php?oid=840713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1176_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for dbus USN-1176-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that DBus did not properly validate the byte order of\n messages under certain circumstances. An attacker could exploit this to\n cause a denial of service via application crash or potentially obtain\n access to sensitive information.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1176-1\";\ntag_affected = \"dbus on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1176-1/\");\n script_id(840713);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1176-1\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"Ubuntu Update for dbus USN-1176-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.4.0-0ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.2.16-2ubuntu4.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.4.6-1ubuntu6.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.1.20-1ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:33", "description": "Check for the Version of dbus", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Fedora Update for dbus FEDORA-2011-9891", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863400", "href": "http://plugins.openvas.org/nasl.php?oid=863400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dbus FEDORA-2011-9891\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"dbus on Fedora 15\";\ntag_insight = \"D-BUS is a system for sending messages between applications. It is\n used both for the system-wide message bus service, and as a\n per-user-login-session messaging facility.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063294.html\");\n script_id(863400);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9891\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"Fedora Update for dbus FEDORA-2011-9891\");\n\n script_summary(\"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.4.6~5.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:18", "description": "Check for the Version of dbus", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for dbus CESA-2011:1132 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:881446", "href": "http://plugins.openvas.org/nasl.php?oid=881446", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2011:1132 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\";\n\ntag_affected = \"dbus on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017795.html\");\n script_id(881446);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:53:00 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2200\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1132\");\n script_name(\"CentOS Update for dbus CESA-2011:1132 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:59", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1176-1", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for dbus USN-1176-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1176_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for dbus USN-1176-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1176-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840713\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1176-1\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"Ubuntu Update for dbus USN-1176-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1176-1\");\n script_tag(name:\"affected\", value:\"dbus on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that DBus did not properly validate the byte order of\n messages under certain circumstances. An attacker could exploit this to\n cause a denial of service via application crash or potentially obtain\n access to sensitive information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.4.0-0ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.2.16-2ubuntu4.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.4.6-1ubuntu6.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.1.20-1ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:55:34", "description": "Check for the Version of dbus", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "RedHat Update for dbus RHSA-2011:1132-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870464", "href": "http://plugins.openvas.org/nasl.php?oid=870464", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dbus RHSA-2011:1132-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\";\n\ntag_affected = \"dbus on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00004.html\");\n script_id(870464);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1132-01\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"RedHat Update for dbus RHSA-2011:1132-01\");\n\n script_summary(\"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-debuginfo\", rpm:\"dbus-debuginfo~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:08", "description": "Oracle Linux Local Security Checks ELSA-2011-1132", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1132", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2200"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1132.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122112\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1132\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1132 - dbus security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1132\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1132.html\");\n script_cve_id(\"CVE-2011-2200\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.2.24~5.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.2.24~5.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dbus-doc\", rpm:\"dbus-doc~1.2.24~5.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.2.24~5.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.2.24~5.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:28", "description": "Check for the Version of dbus", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "openvas", "title": "Fedora Update for dbus FEDORA-2011-9817", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4352", "CVE-2011-2200"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863416", "href": "http://plugins.openvas.org/nasl.php?oid=863416", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dbus FEDORA-2011-9817\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"dbus on Fedora 14\";\ntag_insight = \"D-BUS is a system for sending messages between applications. It is\n used both for the system-wide message bus service, and as a\n per-user-login-session messaging facility.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063731.html\");\n script_id(863416);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9817\");\n script_cve_id(\"CVE-2011-2200\", \"CVE-2010-4352\");\n script_name(\"Fedora Update for dbus FEDORA-2011-9817\");\n\n script_summary(\"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.4.0~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "openvas", "title": "Fedora Update for dbus FEDORA-2011-9817", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4352", "CVE-2011-2200"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863416", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dbus FEDORA-2011-9817\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063731.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863416\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-9817\");\n script_cve_id(\"CVE-2011-2200\", \"CVE-2010-4352\");\n script_name(\"Fedora Update for dbus FEDORA-2011-9817\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"dbus on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.4.0~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:35", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-14 (D-Bus)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231070777", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070777", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_14.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70777\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\");\n script_tag(name:\"solution\", value:\"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=348766\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=371261\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=372743\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:45", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-14 (D-Bus)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70777", "href": "http://plugins.openvas.org/nasl.php?oid=70777", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\";\ntag_solution = \"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=348766\nhttp://bugs.gentoo.org/show_bug.cgi?id=371261\nhttp://bugs.gentoo.org/show_bug.cgi?id=372743\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\";\n\n \n \nif(description)\n{\n script_id(70777);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debiancve": [{"lastseen": "2022-03-03T07:30:22", "description": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.", "cvss3": {}, "published": "2011-06-22T22:55:00", "type": "debiancve", "title": "CVE-2011-2200", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2200"], "modified": "2011-06-22T22:55:00", "id": "DEBIANCVE:CVE-2011-2200", "href": "https://security-tracker.debian.org/tracker/CVE-2011-2200", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T13:11:59", "description": "It was discovered that DBus did not properly validate the byte order of \nmessages under certain circumstances. An attacker could exploit this to \ncause a denial of service via application crash or potentially obtain \naccess to sensitive information.\n", "cvss3": {}, "published": "2011-07-26T00:00:00", "type": "ubuntu", "title": "DBus vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2200"], "modified": "2011-07-26T00:00:00", "id": "USN-1176-1", "href": "https://ubuntu.com/security/notices/USN-1176-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:56:24", "description": "**CentOS Errata and Security Advisory** CESA-2011:1132\n\n\nD-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nA denial of service flaw was found in the way the D-Bus library handled\nendianness conversion when receiving messages. A local user could use this\nflaw to send a specially-crafted message to dbus-daemon or to a service\nusing the bus, such as Avahi or NetworkManager, possibly causing the\ndaemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. For the update to take effect, all\nrunning instances of dbus-daemon and all running applications using the\nlibdbus library must be restarted, or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-September/054713.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-September/054714.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2011-September/013128.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2011-September/013129.html\n\n**Affected packages:**\ndbus\ndbus-devel\ndbus-libs\ndbus-x11\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:1132", "cvss3": {}, "published": "2011-09-03T18:50:22", "type": "centos", "title": "dbus security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2200"], "modified": "2011-09-22T10:00:27", "id": "CESA-2011:1132", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2011-September/013128.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. ", "cvss3": {}, "published": "2011-08-02T02:05:48", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: dbus-1.4.6-5.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2200"], "modified": "2011-08-02T02:05:48", "id": "FEDORA:74E95110694", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZTCSUHCSYCRBHBPFW3QVYIYWN4KTPLLK/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. ", "cvss3": {}, "published": "2011-08-13T02:28:01", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: dbus-1.4.0-3.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4352", "CVE-2011-2200"], "modified": "2011-08-13T02:28:01", "id": "FEDORA:CD13F110B78", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RARE4SWUJOWIZTQ5LDFCHWMIKIXI33WX/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:06:10", "description": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.", "cvss3": {}, "published": "2011-06-22T22:55:00", "type": "cve", "title": "CVE-2011-2200", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2200"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:d-bus_project:d-bus:1.2.26", "cpe:/a:d-bus_project:d-bus:1.2.1", "cpe:/a:d-bus_project:d-bus:1.2.8", "cpe:/a:d-bus_project:d-bus:1.2.4.4", "cpe:/a:d-bus_project:d-bus:1.2.3", "cpe:/a:d-bus_project:d-bus:1.2.12", "cpe:/a:d-bus_project:d-bus:1.2.14", "cpe:/a:d-bus_project:d-bus:1.2.18", "cpe:/a:d-bus_project:d-bus:1.2.2", "cpe:/a:d-bus_project:d-bus:1.2.22", "cpe:/a:d-bus_project:d-bus:1.4.6", "cpe:/a:d-bus_project:d-bus:1.2.4.6", "cpe:/a:d-bus_project:d-bus:1.2.20", "cpe:/a:d-bus_project:d-bus:1.2.24", "cpe:/a:d-bus_project:d-bus:1.2.6", "cpe:/a:d-bus_project:d-bus:1.4.8", "cpe:/a:d-bus_project:d-bus:1.4.1", "cpe:/a:d-bus_project:d-bus:1.2.4.2", "cpe:/a:d-bus_project:d-bus:1.4.4", "cpe:/a:d-bus_project:d-bus:1.5.2", "cpe:/a:d-bus_project:d-bus:1.4.10", "cpe:/a:d-bus_project:d-bus:1.2.10", "cpe:/a:d-bus_project:d-bus:1.5.0", "cpe:/a:d-bus_project:d-bus:1.4.0", "cpe:/a:d-bus_project:d-bus:1.2.4", "cpe:/a:d-bus_project:d-bus:1.2.16"], "id": "CVE-2011-2200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2200", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:d-bus_project:d-bus:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:permissive", "cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:permissive", "cpe:2.3:a:d-bus_project:d-bus:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.20:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.24:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:permissive", "cpe:2.3:a:d-bus_project:d-bus:1.2.26:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:d-bus_project:d-bus:1.4.1:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-11-22T21:56:38", "description": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka\nDBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does\nnot properly handle a non-native byte order, which allows local users to\ncause a denial of service (connection loss), obtain potentially sensitive\ninformation, or conduct unspecified state-modification attacks via crafted\nmessages.", "cvss3": {}, "published": "2011-06-22T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2200", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2200"], "modified": "2011-06-22T00:00:00", "id": "UB:CVE-2011-2200", "href": "https://ubuntu.com/security/CVE-2011-2200", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:57", "description": "[1:1.2.24-7.0.1.el6_3 ]\n- fix netlink poll: error 4 (Zhenzhong Duan)\n[1:1.2.24-7]\n- Resolves: #854821\n[1:1.2.24-6]\n- Apply patches for CVE-2011-2200\n- Resolves: #725314", "cvss3": {}, "published": "2012-09-13T00:00:00", "type": "oraclelinux", "title": "dbus security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-2200", "CVE-2012-3524"], "modified": "2012-09-13T00:00:00", "id": "ELSA-2012-1261", "href": "http://linux.oracle.com/errata/ELSA-2012-1261.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:30", "description": "[1:1.2.24-5]\n- Merge changes from RHEL-6 branch:\n * Drop default patch fuzz\n * Merge CVE-2010-4352.patch from RHEL-6_0-Z\n- Apply patches for CVE-2011-2200\n- Resolves: #725313", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "oraclelinux", "title": "dbus security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2010-4352", "CVE-2011-2200"], "modified": "2011-08-09T00:00:00", "id": "ELSA-2011-1132", "href": "http://linux.oracle.com/errata/ELSA-2011-1132.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:13:28", "description": "### Background\n\nD-Bus is a message bus system, a simple way for applications to talk to each other. \n\n### Description\n\nMultiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow for local Denial of Service (daemon crash), or arbitrary file overwriting. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll D-Bus users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/dbus-1.4.12\"", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "gentoo", "title": "D-Bus: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4352", "CVE-2011-2200", "CVE-2011-2533"], "modified": "2011-10-21T00:00:00", "id": "GLSA-201110-14", "href": "https://security.gentoo.org/glsa/201110-14", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}