ID OPENVAS:136141256231070777 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2018-10-12T00:00:00
Description
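The remote host is missing the D-Bus (sys-apps/dbus) updates announced in
Gentoo advisory GLSA 201110-14. The check below reports installed versions
lower than 1.4.12, based on the package list collected from the host.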
###############################################################################
# OpenVAS Vulnerability Test
# $Id: glsa_201110_14.nasl 11859 2018-10-12 08:53:01Z cfischer $
#
# Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Registration section. When the scanner evaluates the plugin with `description`
# set, only this block runs: it declares the plugin's identity, scoring,
# prerequisites and report texts, then stops at exit(0). Nothing in this block
# touches the scanned host.
if(description)
{
# Unique plugin identifier (OID) under which results are recorded.
script_oid("1.3.6.1.4.1.25623.1.0.70777");
# CVSS v2 base score and vector. AV:L/Au:N: the flaws need local access to the
# host but no authentication step; partial impact on C, I and A.
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
# CVEs addressed by the advisory. The version check further down does not
# distinguish between them: one finding covers all three.
script_cve_id("CVE-2010-4352", "CVE-2011-2200", "CVE-2011-2533");
script_version("$Revision: 11859 $");
script_tag(name:"last_modification", value:"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $");
script_tag(name:"creation_date", value:"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)");
script_name("Gentoo Security Advisory GLSA 201110-14 (D-Bus)");
# Information-gathering category: the plugin reads data, it does not attempt
# to trigger any of the listed flaws.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
script_family("Gentoo Local Security Checks");
# Prerequisites: gather-package-list.nasl must have run, and both KB keys must
# be present. NOTE(review): these keys are presumably set only after a
# successful authenticated SSH login to a Gentoo host -- confirm in
# gather-package-list.nasl. Without them the check is skipped, so a missing
# result is not evidence that the host is patched.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
# Report texts. The strings span several source lines; the embedded line
# breaks and the "# emerge" lines are part of the string value, not comments.
script_tag(name:"insight", value:"Multiple vulnerabilities were found in D-Bus, the worst of which
allowing for a symlink attack.");
# Remediation: the version named here (>= 1.4.12) is the same threshold the
# package comparison in the check section uses.
script_tag(name:"solution", value:"All D-Bus users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'");
# Advisory mirror and the three Gentoo bug reports behind the advisory.
script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14");
script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=348766");
script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=371261");
script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=372743");
script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 201110-14.");
# Quality of detection "package": the verdict comes from the installed package
# version alone. A locally patched build that still carries a version below
# 1.4.12 would be reported as well, so confirm the build before closing or
# escalating a finding.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# End of registration; the check section is not reached in description mode.
exit(0);
}
include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");
# Check section for GLSA 201110-14. ispkgvuln() (presumably provided by
# pkg-lib-gentoo.inc) is asked whether the installed sys-apps/dbus falls in the
# vulnerable range (lower than 1.4.12) rather than the unaffected one
# (1.4.12 or later). This is a version comparison only; nothing is sent to the
# D-Bus daemon.
report = "";
res = "";

res = ispkgvuln(pkg:"sys-apps/dbus", unaffected: make_list("ge 1.4.12"), vulnerable: make_list("lt 1.4.12"));
if(res != NULL) {
  # A non-NULL result is the text to report for the vulnerable package.
  report += res;
}

if(report == "") {
  # Nothing to report. Exit code 99 marks the host as not vulnerable, but only
  # when __pkg_match is set (presumably by the package library once the
  # package was found -- confirm in pkg-lib-gentoo.inc). If it is not set, the
  # script ends without a verdict, which must not be read as "patched".
  if(__pkg_match) {
    exit(99);
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:136141256231070777", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 201110-14 (D-Bus)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "published": "2012-02-12T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070777", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": ["http://bugs.gentoo.org/show_bug.cgi?id=348766", "http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14", "http://bugs.gentoo.org/show_bug.cgi?id=371261", "http://bugs.gentoo.org/show_bug.cgi?id=372743"], "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "type": "openvas", "lastseen": "2019-05-29T18:38:35", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "871586c18aaccce12b04ecb3f7ba1bbb698f2b6a1f5a1b46f5ae7c7f7a497d84", "hashmap": [{"hash": "344696edf6e2feef4aa5ae7487039086", "key": "cvelist"}, {"hash": "120fa36bb2a38c0fb442a2e5f5676e5b", "key": "sourceData"}, {"hash": "2652d60633686b659a4c8a5826fa6d37", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "caedcc240cd1cd2ae321e6a3a366cc4f", "key": "href"}, {"hash": "ab5eea7a8faaf26373e4dfa82138e074", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e34e2f978e4314ac3276e0e621a2704e", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": 
"da15d568ffb74a3348f0995b869ba5bf", "key": "description"}, {"hash": "9fd3138155f9fd2d0447777c5154aeef", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070777", "id": "OPENVAS:136141256231070777", "lastseen": "2018-08-30T19:25:31", "modified": "2018-04-06T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "136141256231070777", "published": "2012-02-12T00:00:00", "references": [], "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\";\ntag_solution = \"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=348766\nhttp://bugs.gentoo.org/show_bug.cgi?id=371261\nhttp://bugs.gentoo.org/show_bug.cgi?id=372743\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\";\n\n \n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70777\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "title": "Gentoo Security Advisory GLSA 201110-14 (D-Bus)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:25:31"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "edition": 5, "enchantments": {"dependencies": {"modified": "2018-10-22T16:42:37", "references": [{"idList": ["ELSA-2012-1261", "ELSA-2011-1132", "ELSA-2011-0376"], "type": "oraclelinux"}, {"idList": ["OPENVAS:863400", "OPENVAS:880994", "OPENVAS:1361412562310863416", "OPENVAS:840713", "OPENVAS:863416", "OPENVAS:1361412562310881446", "OPENVAS:1361412562310840713", "OPENVAS:1361412562310863400", "OPENVAS:70777", "OPENVAS:1361412562310870464"], "type": "openvas"}, {"idList": ["CESA-2011:0376", "CESA-2011:1132"], "type": "centos"}, {"idList": ["USN-1044-1", "USN-1176-1"], "type": "ubuntu"}, {"idList": ["CVE-2010-4352", "CVE-2011-2533", 
"CVE-2011-2200"], "type": "cve"}, {"idList": ["RHSA-2011:0376", "RHSA-2011:0439", "RHSA-2011:1132"], "type": "redhat"}, {"idList": ["GLSA-201110-14"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:27214", "SECURITYVULNS:VULN:11357", "SECURITYVULNS:DOC:26750", "SECURITYVULNS:VULN:11820", "SECURITYVULNS:VULN:11998", "SECURITYVULNS:DOC:25504"], "type": "securityvulns"}, {"idList": ["SUSE_DBUS-1-7592.NASL", "SUSE_11_3_DBUS-1-110805.NASL", "UBUNTU_USN-1176-1.NASL", "REDHAT-RHSA-2011-1132.NASL", "SUSE_11_4_DBUS-1-110805.NASL", "SUSE_11_DBUS-1-110628.NASL", "FEDORA_2011-9817.NASL", "GENTOO_GLSA-201110-14.NASL", "ORACLELINUX_ELSA-2011-1132.NASL", "SUSE_DBUS-1-7593.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-2149-1:8A000"], "type": "debian"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "8f211a0eb42c57536df2b8fde2bc8c045398b3acc725f88b0ae1a3ed6710666b", "hashmap": [{"hash": "344696edf6e2feef4aa5ae7487039086", "key": "cvelist"}, {"hash": "1cf132082851f39cadb5279a430c3edb", "key": "references"}, {"hash": "2652d60633686b659a4c8a5826fa6d37", "key": "pluginID"}, {"hash": "8be90a922e3fddc17514b9fd17f39e9b", "key": "modified"}, {"hash": "e4001d651c4c6480e290ac993ae6108c", "key": "sourceData"}, {"hash": "caedcc240cd1cd2ae321e6a3a366cc4f", "key": "href"}, {"hash": "ab5eea7a8faaf26373e4dfa82138e074", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "e34e2f978e4314ac3276e0e621a2704e", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "da15d568ffb74a3348f0995b869ba5bf", "key": "description"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "9fd3138155f9fd2d0447777c5154aeef", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070777", "id": "OPENVAS:136141256231070777", "lastseen": "2018-10-22T16:42:37", "modified": "2018-10-12T00:00:00", 
"naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "136141256231070777", "published": "2012-02-12T00:00:00", "references": ["http://bugs.gentoo.org/show_bug.cgi?id=348766", "http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14", "http://bugs.gentoo.org/show_bug.cgi?id=371261", "http://bugs.gentoo.org/show_bug.cgi?id=372743"], "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_14.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70777\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\");\n script_tag(name:\"solution\", value:\"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=348766\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=371261\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=372743\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "title": "Gentoo Security Advisory GLSA 201110-14 (D-Bus)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-10-22T16:42:37"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "edition": 3, "enchantments": 
{"score": {"value": 5.0, "vector": "NONE"}}, "hash": "97e11234f3c997441543918c1b2113745388c61ea226c3dc82693bdfff419ff7", "hashmap": [{"hash": "344696edf6e2feef4aa5ae7487039086", "key": "cvelist"}, {"hash": "120fa36bb2a38c0fb442a2e5f5676e5b", "key": "sourceData"}, {"hash": "2652d60633686b659a4c8a5826fa6d37", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "caedcc240cd1cd2ae321e6a3a366cc4f", "key": "href"}, {"hash": "ab5eea7a8faaf26373e4dfa82138e074", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "e34e2f978e4314ac3276e0e621a2704e", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "da15d568ffb74a3348f0995b869ba5bf", "key": "description"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "9fd3138155f9fd2d0447777c5154aeef", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070777", "id": "OPENVAS:136141256231070777", "lastseen": "2018-09-01T23:58:31", "modified": "2018-04-06T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "136141256231070777", "published": "2012-02-12T00:00:00", "references": [], "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\";\ntag_solution = \"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=348766\nhttp://bugs.gentoo.org/show_bug.cgi?id=371261\nhttp://bugs.gentoo.org/show_bug.cgi?id=372743\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\";\n\n \n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70777\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 
2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "title": "Gentoo Security Advisory GLSA 201110-14 (D-Bus)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-01T23:58:31"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "b92b4fb717a37da680a28da4ca398b6e4c4a0c345c55ce4f61ac382eefd84cbb", "hashmap": [{"hash": "344696edf6e2feef4aa5ae7487039086", "key": "cvelist"}, {"hash": "2652d60633686b659a4c8a5826fa6d37", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e3fe0a23059307d9f79f162426695d44", "key": "modified"}, {"hash": 
"caedcc240cd1cd2ae321e6a3a366cc4f", "key": "href"}, {"hash": "ab5eea7a8faaf26373e4dfa82138e074", "key": "title"}, {"hash": "e4a0bf0814f8a5017553f18aeeb92e62", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "e34e2f978e4314ac3276e0e621a2704e", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "da15d568ffb74a3348f0995b869ba5bf", "key": "description"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "9fd3138155f9fd2d0447777c5154aeef", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070777", "id": "OPENVAS:136141256231070777", "lastseen": "2018-09-28T18:28:48", "modified": "2018-09-28T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "136141256231070777", "published": "2012-02-12T00:00:00", "references": [], "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_14.nasl 11671 2018-09-28 10:44:05Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70777\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_version(\"$Revision: 11671 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 12:44:05 +0200 (Fri, 28 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\");\n script_tag(name:\"solution\", value:\"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\n\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=348766\nhttp://bugs.gentoo.org/show_bug.cgi?id=371261\nhttp://bugs.gentoo.org/show_bug.cgi?id=372743\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "title": "Gentoo Security Advisory GLSA 201110-14 (D-Bus)", "type": "openvas", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-28T18:28:48"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-4352", "CVE-2011-2533", "CVE-2011-2200"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "97e11234f3c997441543918c1b2113745388c61ea226c3dc82693bdfff419ff7", 
"hashmap": [{"hash": "344696edf6e2feef4aa5ae7487039086", "key": "cvelist"}, {"hash": "120fa36bb2a38c0fb442a2e5f5676e5b", "key": "sourceData"}, {"hash": "2652d60633686b659a4c8a5826fa6d37", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "caedcc240cd1cd2ae321e6a3a366cc4f", "key": "href"}, {"hash": "ab5eea7a8faaf26373e4dfa82138e074", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "e34e2f978e4314ac3276e0e621a2704e", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "da15d568ffb74a3348f0995b869ba5bf", "key": "description"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "9fd3138155f9fd2d0447777c5154aeef", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070777", "id": "OPENVAS:136141256231070777", "lastseen": "2018-04-06T11:18:02", "modified": "2018-04-06T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "136141256231070777", "published": "2012-02-12T00:00:00", "references": [], "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\";\ntag_solution = \"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=348766\nhttp://bugs.gentoo.org/show_bug.cgi?id=371261\nhttp://bugs.gentoo.org/show_bug.cgi?id=372743\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\";\n\n \n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70777\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 
2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "title": "Gentoo Security Advisory GLSA 201110-14 (D-Bus)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-04-06T11:18:02"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "344696edf6e2feef4aa5ae7487039086"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "description", "hash": "da15d568ffb74a3348f0995b869ba5bf"}, {"key": "href", "hash": "caedcc240cd1cd2ae321e6a3a366cc4f"}, {"key": "modified", "hash": "8be90a922e3fddc17514b9fd17f39e9b"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "2652d60633686b659a4c8a5826fa6d37"}, {"key": "published", "hash": "9fd3138155f9fd2d0447777c5154aeef"}, {"key": "references", "hash": "1cf132082851f39cadb5279a430c3edb"}, {"key": "reporter", "hash": "e34e2f978e4314ac3276e0e621a2704e"}, {"key": "sourceData", 
"hash": "e4001d651c4c6480e290ac993ae6108c"}, {"key": "title", "hash": "ab5eea7a8faaf26373e4dfa82138e074"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "907ea03cda4f52ed2121743cbc0a7cb97f43a0881763e8925a6e153837463326", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2533", "CVE-2011-2200", "CVE-2010-4352"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27214", "SECURITYVULNS:VULN:11998", "SECURITYVULNS:VULN:11820", "SECURITYVULNS:DOC:26750", "SECURITYVULNS:VULN:11357", "SECURITYVULNS:DOC:25504"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201110-14.NASL", "REDHAT-RHSA-2011-1132.NASL", "UBUNTU_USN-1176-1.NASL", "SL_20110809_DBUS_ON_SL5_X.NASL", "ORACLELINUX_ELSA-2011-1132.NASL", "SUSE_DBUS-1-7593.NASL", "FEDORA_2011-9891.NASL", "SUSE_11_DBUS-1-110628.NASL", "CENTOS_RHSA-2011-1132.NASL", "SUSE_11_3_DBUS-1-110805.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201110-14"]}, {"type": "openvas", "idList": ["OPENVAS:70777", "OPENVAS:1361412562310863416", "OPENVAS:863416", "OPENVAS:1361412562310863400", "OPENVAS:1361412562310870464", "OPENVAS:1361412562310880994", "OPENVAS:870464", "OPENVAS:840713", "OPENVAS:880994", "OPENVAS:1361412562310840713"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1132", "ELSA-2011-0376", "ELSA-2012-1261"]}, {"type": "ubuntu", "idList": ["USN-1176-1", "USN-1044-1"]}, {"type": "centos", "idList": ["CESA-2011:1132", "CESA-2011:0376"]}, {"type": "redhat", "idList": ["RHSA-2011:1132", "RHSA-2011:0376", "RHSA-2011:0439"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2149-1:8A000"]}], "modified": "2019-05-29T18:38:35"}, "score": {"value": 7.0, "vector": "NONE", "modified": "2019-05-29T18:38:35"}, "vulnersScore": 7.0}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_14.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from 
Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70777\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\");\n script_tag(name:\"solution\", value:\"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=348766\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=371261\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=372743\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "136141256231070777", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:11:13", "bulletinFamily": "NVD", "description": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.", "modified": "2017-08-29T01:29:00", "id": "CVE-2011-2533", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2533", "published": "2011-06-22T23:55:00", "title": "CVE-2011-2533", "type": "cve", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:11", "bulletinFamily": "NVD", "description": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.", "modified": "2017-08-29T01:29:00", "id": "CVE-2011-2200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2200", "published": "2011-06-22T22:55:00", "title": "CVE-2011-2200", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:32", "bulletinFamily": "NVD", "description": "Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.", "modified": "2016-12-08T03:01:00", "id": "CVE-2010-4352", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4352", "published": "2010-12-30T19:00:00", "title": "CVE-2010-4352", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 
201110-14\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: D-Bus: Multiple vulnerabilities\r\n Date: October 21, 2011\r\n Bugs: #348766, #371261, #372743\r\n ID: 201110-14\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple vulnerabilities were found in D-Bus, the worst of which\r\nallowing for a symlink attack.\r\n\r\nBackground\r\n==========\r\n\r\nD-Bus is a message bus system, a simple way for applications to talk to\r\neach other.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 sys-apps/dbus < 1.4.12 >= 1.4.12\r\n\r\nDescription\r\n===========\r\n\r\nMultiple vulnerabilities have been discovered in D-Bus. 
Please review\r\nthe CVE identifiers referenced below for details.\r\n\r\nImpact\r\n======\r\n\r\nThe vulnerabilities allow for local Denial of Service (daemon crash),\r\nor arbitrary file overwriting.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll D-Bus users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.4.12"\r\n\r\nReferences\r\n==========\r\n\r\n[ 1 ] CVE-2010-4352\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4352\r\n[ 2 ] CVE-2011-2200\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2200\r\n[ 3 ] CVE-2011-2533\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2533\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-201110-14.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users' machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttps://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2011 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n", "modified": "2011-10-26T00:00:00", "published": "2011-10-26T00:00:00", "id": "SECURITYVULNS:DOC:27214", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27214", "title": "[ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "configure script insecure file creation", "modified": "2011-10-26T00:00:00", "published": "2011-10-26T00:00:00", "id": "SECURITYVULNS:VULN:11998", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11998", "title": "D-Bus symbolic links vulnerability", "type": "securityvulns", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "Byteorder is not checked in some messages.", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11820", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11820", "title": "Linux DBus DoS", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "==========================================================================\r\nUbuntu Security Notice USN-1176-1\r\nJuly 26, 2011\r\n\r\ndbus 
vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nDBus could be made to crash if it processed a specially crafted message.\r\n\r\nSoftware Description:\r\n- dbus: simple interprocess messaging system\r\n\r\nDetails:\r\n\r\nIt was discovered that DBus did not properly validate the byte order of\r\nmessages under certain circumstances. An attacker could exploit this to\r\ncause a denial of service via application crash or potentially obtain\r\naccess to sensitive information.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n dbus 1.4.6-1ubuntu6.1\r\n\r\nUbuntu 10.10:\r\n dbus 1.4.0-0ubuntu1.3\r\n\r\nUbuntu 10.04 LTS:\r\n dbus 1.2.16-2ubuntu4.3\r\n\r\nUbuntu 8.04 LTS:\r\n dbus 1.1.20-1ubuntu3.5\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1176-1\r\n CVE-2011-2200\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/dbus/1.4.6-1ubuntu6.1\r\n https://launchpad.net/ubuntu/+source/dbus/1.4.0-0ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/dbus/1.2.16-2ubuntu4.3\r\n https://launchpad.net/ubuntu/+source/dbus/1.1.20-1ubuntu3.5\r\n\r\n", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26750", "title": "[USN-1176-1] DBus vulnerability", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "description": "===========================================================\r\nUbuntu 
Security Notice USN-1044-1 January 18, 2011\r\ndbus vulnerability\r\nCVE-2010-4352\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\nUbuntu 10.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n libdbus-1-3 1.1.20-1ubuntu3.4\r\n\r\nUbuntu 9.10:\r\n libdbus-1-3 1.2.16-0ubuntu9.1\r\n\r\nUbuntu 10.04 LTS:\r\n libdbus-1-3 1.2.16-2ubuntu4.1\r\n\r\nUbuntu 10.10:\r\n libdbus-1-3 1.4.0-0ubuntu1.1\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nDetails follow:\r\n\r\nRemi Denis-Courmont discovered that D-Bus did not properly validate the\r\nnumber of nested variants when validating D-Bus messages. A local attacker\r\ncould exploit this to cause a denial of service.\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.1.20-1ubuntu3.4.diff.gz\r\n Size/MD5: 30731 14911ba9f71e4c7a457441a0654c1568\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.1.20-1ubuntu3.4.dsc\r\n Size/MD5: 1915 7132713f4351d60638d2f9a7c7b50187\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.1.20.orig.tar.gz\r\n Size/MD5: 1401902 c552b9bc4b69e4c602644abc21b7661e\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-doc_1.1.20-1ubuntu3.4_all.deb\r\n Size/MD5: 1708168 3b87103f06e0403c75856b86b4cce718\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-x11_1.1.20-1ubuntu3.4_amd64.deb\r\n Size/MD5: 44442 3018cb6b9b2838fcacea60476f98f0a4\r\n 
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.1.20-1ubuntu3.4_amd64.deb\r\n Size/MD5: 317708 1a8e7a344f84a12de61ecdeb2099440e\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.1.20-1ubuntu3.4_amd64.deb\r\n Size/MD5: 138820 9bfe5ebd1a7793956f6821d2bc418d51\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_1.1.20-1ubuntu3.4_amd64.deb\r\n Size/MD5: 187868 bdef41bd842beb25cbf8c7e846171843\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-x11_1.1.20-1ubuntu3.4_i386.deb\r\n Size/MD5: 43258 633cd8cbc86fda64f5f78e6b0111e8c0\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.1.20-1ubuntu3.4_i386.deb\r\n Size/MD5: 281652 719a502a85474c3e7607471a37c9f99c\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.1.20-1ubuntu3.4_i386.deb\r\n Size/MD5: 124192 e68a0a17512af8ee45396ea517d4e51e\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_1.1.20-1ubuntu3.4_i386.deb\r\n Size/MD5: 169420 2c6d14b7d1de8d68b970b617c5c47b68\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.1.20-1ubuntu3.4_lpia.deb\r\n Size/MD5: 43174 2194b9c64cb1bc255de8be73ebe31e40\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.1.20-1ubuntu3.4_lpia.deb\r\n Size/MD5: 276086 81ed1ac740b7f911035273218dcd9e00\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.1.20-1ubuntu3.4_lpia.deb\r\n Size/MD5: 122094 111edd4908d03f7906f528b723fe1fac\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.1.20-1ubuntu3.4_lpia.deb\r\n Size/MD5: 165250 a79260e5a2da3bbca39ff9cf26fa1957\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.1.20-1ubuntu3.4_powerpc.deb\r\n Size/MD5: 46744 73a49bd17d06aec4cdcf892c14065701\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.1.20-1ubuntu3.4_powerpc.deb\r\n Size/MD5: 306740 
ef7f3173bb1e121b7795c177326738b6\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.1.20-1ubuntu3.4_powerpc.deb\r\n Size/MD5: 132242 45b1673cc89d40564721128f5b4667a0\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.1.20-1ubuntu3.4_powerpc.deb\r\n Size/MD5: 176450 8863c504a26182f079caa25e38e068dc\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.1.20-1ubuntu3.4_sparc.deb\r\n Size/MD5: 43456 42ea7238fbd0e3d63f104a8f333b23ce\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.1.20-1ubuntu3.4_sparc.deb\r\n Size/MD5: 274954 ede65aab32b7c224c45e7b87de151485\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.1.20-1ubuntu3.4_sparc.deb\r\n Size/MD5: 122558 b3e0b14c5d5f42626236dd17a4dc2497\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.1.20-1ubuntu3.4_sparc.deb\r\n Size/MD5: 172258 f9871f7143fa33a4194a44530a326388\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16-0ubuntu9.1.dsc\r\n Size/MD5: 2126 67a2122d18da6e374ef6d0bf60cfa622\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16-0ubuntu9.1.tar.gz\r\n Size/MD5: 1538983 af74c79fd8c46912f6f04aebd100a55f\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-doc_1.2.16-0ubuntu9.1_all.deb\r\n Size/MD5: 1739058 14d9282d92bb2ba513d4090b143d0ecd\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-x11_1.2.16-0ubuntu9.1_amd64.deb\r\n Size/MD5: 45770 4b05355ca1fa77808ef8d73b733ef50c\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16-0ubuntu9.1_amd64.deb\r\n Size/MD5: 210700 b2028fbd0fc4af84afbd9235b19b914f\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.2.16-0ubuntu9.1_amd64.deb\r\n Size/MD5: 146092 5893422f9af1105c77aaf18ec47c725f\r\n 
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_1.2.16-0ubuntu9.1_amd64.deb\r\n Size/MD5: 220940 7e6c69e91021a39bc6c8304e8b78117a\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-x11_1.2.16-0ubuntu9.1_i386.deb\r\n Size/MD5: 44456 790a2972ffcf0972f4a25c158873c45a\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16-0ubuntu9.1_i386.deb\r\n Size/MD5: 188600 a2993580f7875fe8cafcc7b631b7704b\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.2.16-0ubuntu9.1_i386.deb\r\n Size/MD5: 131040 f853d5f055ed5eb89e792edf6df9c4d8\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_1.2.16-0ubuntu9.1_i386.deb\r\n Size/MD5: 196314 358dc8d26718d58b8b0202617597862c\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.2.16-0ubuntu9.1_armel.deb\r\n Size/MD5: 44184 81959575e5f5ce1cdc277be99f12273e\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.2.16-0ubuntu9.1_armel.deb\r\n Size/MD5: 184056 92e222d19ece0e2801a1177ee3466f75\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.2.16-0ubuntu9.1_armel.deb\r\n Size/MD5: 127198 a2a4bb7b0aa0d318d16f4d770bb67512\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.2.16-0ubuntu9.1_armel.deb\r\n Size/MD5: 200750 c2befc0c184acdd97f89be9b655ed3a4\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.2.16-0ubuntu9.1_lpia.deb\r\n Size/MD5: 44740 c77a6b2284d8f9721b0aec1d800b8939\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.2.16-0ubuntu9.1_lpia.deb\r\n Size/MD5: 187526 2435c64887aaba64d8b9079df0e809c3\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.2.16-0ubuntu9.1_lpia.deb\r\n Size/MD5: 129978 4fac6f10aaeb5afc585cb8945c430fe3\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.2.16-0ubuntu9.1_lpia.deb\r\n Size/MD5: 194100 111cdaf812925267c913eb015bc5cae2\r\n\r\n 
powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.2.16-0ubuntu9.1_powerpc.deb\r\n Size/MD5: 45428 e0b492ffde6461e5d2fe3bfebdb962d8\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.2.16-0ubuntu9.1_powerpc.deb\r\n Size/MD5: 208238 90fd81067c6b05c32389d05f5f47490f\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.2.16-0ubuntu9.1_powerpc.deb\r\n Size/MD5: 139250 13858dff3836be134add9d96dc617dc5\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.2.16-0ubuntu9.1_powerpc.deb\r\n Size/MD5: 202790 e67c05cf6fece288f7af0f2a16575691\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.2.16-0ubuntu9.1_sparc.deb\r\n Size/MD5: 44718 f1e4bbfe8144d1d84a254a199b7fae1d\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.2.16-0ubuntu9.1_sparc.deb\r\n Size/MD5: 184226 793710369c28bd9e464ff7c7a73f05c2\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.2.16-0ubuntu9.1_sparc.deb\r\n Size/MD5: 128702 ee2db1b8d4db5a86b39fb53debae165b\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.2.16-0ubuntu9.1_sparc.deb\r\n Size/MD5: 193702 1baaf3e2ea5d3824a8c491fd606a748c\r\n\r\nUpdated packages for Ubuntu 10.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16-2ubuntu4.1.diff.gz\r\n Size/MD5: 33308 2cff23d217dd81eb8d906c77e9b1e922\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16-2ubuntu4.1.dsc\r\n Size/MD5: 2360 1e891a07e45ecb29f39b502daf28c0b5\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16.orig.tar.gz\r\n Size/MD5: 1576209 c7a47b851ebe02f6726b65b78d1b730b\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-doc_1.2.16-2ubuntu4.1_all.deb\r\n Size/MD5: 1730750 d88daea04100ff09c6fb24581847fa92\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n 
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-x11_1.2.16-2ubuntu4.1_amd64.deb\r\n Size/MD5: 43156 f3de762eb0713a1ed4a9688fcf7e9d73\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16-2ubuntu4.1_amd64.deb\r\n Size/MD5: 209722 a46d048f145b5c4a921ff24ff7e485b9\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.2.16-2ubuntu4.1_amd64.deb\r\n Size/MD5: 143450 dac584fc18981e5fd78b2788cbac37e7\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_1.2.16-2ubuntu4.1_amd64.deb\r\n Size/MD5: 25342 b9faf49ec8e09b21efde6c99c342e3f9\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-x11_1.2.16-2ubuntu4.1_i386.deb\r\n Size/MD5: 41802 dc8f69948f798f3a027b20acdc52059e\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.2.16-2ubuntu4.1_i386.deb\r\n Size/MD5: 188972 fb68bd6aceaa6c93f402168748fc3e1c\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.2.16-2ubuntu4.1_i386.deb\r\n Size/MD5: 128248 c2dc036456c7d33e2beddaf669e8de86\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_1.2.16-2ubuntu4.1_i386.deb\r\n Size/MD5: 25340 08fa5b2372cb48999432a80da361e37d\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.2.16-2ubuntu4.1_armel.deb\r\n Size/MD5: 41818 85f23ff854769f007930da1d13220e1e\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.2.16-2ubuntu4.1_armel.deb\r\n Size/MD5: 172634 62e950f28018ab0e55ed8e1efe6113ad\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.2.16-2ubuntu4.1_armel.deb\r\n Size/MD5: 118692 99e366692bb3ba25bdbe6bf403c4c7a8\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.2.16-2ubuntu4.1_armel.deb\r\n Size/MD5: 25248 532bb7ac5d53bbedcd24e3380006269b\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.2.16-2ubuntu4.1_powerpc.deb\r\n Size/MD5: 42776 
c460ce063a13ca99143e60ec2834189a\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.2.16-2ubuntu4.1_powerpc.deb\r\n Size/MD5: 208684 92808853d3dd44e153c2e1308da712dc\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.2.16-2ubuntu4.1_powerpc.deb\r\n Size/MD5: 136318 19dcdcc1f7396dfd1dc183e32a990e3b\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.2.16-2ubuntu4.1_powerpc.deb\r\n Size/MD5: 25344 377a75b2c05d842451fa85c744ae4a88\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.2.16-2ubuntu4.1_sparc.deb\r\n Size/MD5: 42266 a2fcf1af4cc1f3e9a6e76050ca1c3a3d\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.2.16-2ubuntu4.1_sparc.deb\r\n Size/MD5: 190192 f66b4efe660ca381b11c5d4e9b9acbc5\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.2.16-2ubuntu4.1_sparc.deb\r\n Size/MD5: 129382 afb0f3aa70a48d2b64c24a4be7f44e03\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.2.16-2ubuntu4.1_sparc.deb\r\n Size/MD5: 25340 2172b68707287e8880baf4af416f6cb4\r\n\r\nUpdated packages for Ubuntu 10.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.4.0-0ubuntu1.1.debian.tar.gz\r\n Size/MD5: 33459 f2ee34cb8a11cbf5d64143e5ab74883b\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.4.0-0ubuntu1.1.dsc\r\n Size/MD5: 2335 5c1fc6828cecde5732b7205422760593\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.4.0.orig.tar.gz\r\n Size/MD5: 1800347 f59618b18d2fb2bd1fce9e1c5a2a3282\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-doc_1.4.0-0ubuntu1.1_all.deb\r\n Size/MD5: 1942586 ad0fa350b9428b6cf116aeb0f2457732\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dbg_1.4.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 831724 4b07bc6d76f0231b91d4219f50e78068\r\n 
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-x11_1.4.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 39222 df3255faec6afd8a71209e3b36e1fc53\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.4.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 218792 f7b1d7635e7a790da5d97199af671cc3\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.4.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 145234 74359a633c6d72755b9d482bb35f3d21\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_1.4.0-0ubuntu1.1_amd64.deb\r\n Size/MD5: 25956 87a0b15cf7f19c401deabdf9878fbb82\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-1-dbg_1.4.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 837350 14853bfc4e0e3b3f7872e45c563c14e6\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus-x11_1.4.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 37824 1b9513c37557f8797b01c4305b42014f\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus_1.4.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 195714 f81f233d7b6309ddb70eba7bb54ecdc7\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.4.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 130006 6fa60d5c3ef722232ca79415354f4825\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dbus/libdbus-1-dev_1.4.0-0ubuntu1.1_i386.deb\r\n Size/MD5: 25952 08fb32b2c05fbda78b26a7e9bf2eb0b3\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-1-dbg_1.4.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 837100 1cdb6df9c5976b2a789fde5baad0d393\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.4.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 37202 240497fe96f1e4d0cb304c7a618071ea\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.4.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 190110 35903da49ec6e68d1edd3ed276ce9819\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.4.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 126020 115cc77e978eb5cb04d44fd6bdf8fb6f\r\n 
http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.4.0-0ubuntu1.1_armel.deb\r\n Size/MD5: 26214 22f6093535cfb196f5015bd795d409c5\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-1-dbg_1.4.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 875648 48bc3df72a32b3d3d385ba46ed814855\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus-x11_1.4.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 38830 ccdfebcf91df68df2f8d28036447baf8\r\n http://ports.ubuntu.com/pool/main/d/dbus/dbus_1.4.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 217680 1d3f9f69c78f03eb2111268f0bfeccbe\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-3_1.4.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 140022 8d71802411f69193acbd30d26c7926a1\r\n http://ports.ubuntu.com/pool/main/d/dbus/libdbus-1-dev_1.4.0-0ubuntu1.1_powerpc.deb\r\n Size/MD5: 25948 e9276a8fea728258210c3832ee55faea\r\n\r\n\r\n", "modified": "2011-01-19T00:00:00", "published": "2011-01-19T00:00:00", "id": "SECURITYVULNS:DOC:25504", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25504", "title": "[USN-1044-1] D-Bus vulnerability", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "description": "Crash on message processing.", "modified": "2011-01-19T00:00:00", "published": "2011-01-19T00:00:00", "id": "SECURITYVULNS:VULN:11357", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11357", "title": "D-Bus DoS", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:45", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-14.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70777", "id": "OPENVAS:70777", "title": "Gentoo Security 
Advisory GLSA 201110-14 (D-Bus)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in D-Bus, the worst of which\n allowing for a symlink attack.\";\ntag_solution = \"All D-Bus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=348766\nhttp://bugs.gentoo.org/show_bug.cgi?id=371261\nhttp://bugs.gentoo.org/show_bug.cgi?id=372743\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-14.\";\n\n \n \nif(description)\n{\n script_id(70777);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", 
\"CVE-2011-2533\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-14 (D-Bus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"sys-apps/dbus\", unaffected: make_list(\"ge 1.4.12\"), vulnerable: make_list(\"lt 1.4.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:37", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-18T00:00:00", "id": "OPENVAS:1361412562310863416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863416", "title": "Fedora Update for dbus FEDORA-2011-9817", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dbus FEDORA-2011-9817\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063731.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863416\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-9817\");\n script_cve_id(\"CVE-2011-2200\", \"CVE-2010-4352\");\n script_name(\"Fedora Update for dbus FEDORA-2011-9817\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"dbus on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.4.0~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:28", "bulletinFamily": "scanner", "description": "Check for the Version of dbus", "modified": "2017-07-10T00:00:00", "published": "2011-08-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863416", "id": "OPENVAS:863416", "title": "Fedora Update for dbus FEDORA-2011-9817", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dbus FEDORA-2011-9817\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"dbus on Fedora 14\";\ntag_insight = \"D-BUS is a system for sending messages between applications. It is\n used both for the system-wide message bus service, and as a\n per-user-login-session messaging facility.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063731.html\");\n script_id(863416);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9817\");\n script_cve_id(\"CVE-2011-2200\", \"CVE-2010-4352\");\n script_name(\"Fedora Update for dbus FEDORA-2011-9817\");\n\n script_summary(\"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.4.0~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:26:51", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1176-1", "modified": "2017-12-01T00:00:00", "published": "2011-08-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840713", "id": "OPENVAS:840713", "title": "Ubuntu Update for dbus USN-1176-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1176_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for dbus USN-1176-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that DBus did not properly validate the byte order of\n messages under certain circumstances. An attacker could exploit this to\n cause a denial of service via application crash or potentially obtain\n access to sensitive information.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1176-1\";\ntag_affected = \"dbus on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1176-1/\");\n script_id(840713);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1176-1\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"Ubuntu Update for dbus USN-1176-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.4.0-0ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.2.16-2ubuntu4.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.4.6-1ubuntu6.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.1.20-1ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:59", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1176-1", "modified": "2019-03-13T00:00:00", "published": "2011-08-02T00:00:00", "id": "OPENVAS:1361412562310840713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840713", "title": "Ubuntu Update for dbus USN-1176-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1176_1.nasl 14132 2019-03-13 09:25:59Z cfischer 
$\n#\n# Ubuntu Update for dbus USN-1176-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1176-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840713\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1176-1\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"Ubuntu Update for dbus USN-1176-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for 
Linux kernel vulnerabilities USN-1176-1\");\n script_tag(name:\"affected\", value:\"dbus on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that DBus did not properly validate the byte order of\n messages under certain circumstances. An attacker could exploit this to\n cause a denial of service via application crash or potentially obtain\n access to sensitive information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.4.0-0ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.2.16-2ubuntu4.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.4.6-1ubuntu6.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.1.20-1ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:18", "bulletinFamily": "scanner", "description": "Check for the Version of dbus", "modified": "2018-01-01T00:00:00", "published": "2012-07-30T00:00:00", 
"href": "http://plugins.openvas.org/nasl.php?oid=881446", "id": "OPENVAS:881446", "title": "CentOS Update for dbus CESA-2011:1132 centos5 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2011:1132 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. 
For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\";\n\ntag_affected = \"dbus on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017795.html\");\n script_id(881446);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:53:00 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2200\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1132\");\n script_name(\"CentOS Update for dbus CESA-2011:1132 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", 
rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:22", "bulletinFamily": "scanner", "description": "Check for the Version of dbus", "modified": "2017-07-10T00:00:00", "published": "2011-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880994", "id": "OPENVAS:880994", "title": "CentOS Update for dbus CESA-2011:1132 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2011:1132 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. 
For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"dbus on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017794.html\");\n script_id(880994);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1132\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"CentOS Update for dbus CESA-2011:1132 centos5 i386\");\n\n script_summary(\"Check for the Version of dbus\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'dbus' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:1361412562310880994", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880994", "title": "CentOS Update for dbus CESA-2011:1132 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dbus CESA-2011:1132 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017794.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880994\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1132\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"CentOS Update for dbus CESA-2011:1132 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"dbus on CentOS 5\");\n script_tag(name:\"insight\", value:\"D-Bus is a system for sending messages between applications. It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. 
A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'dbus' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310863400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863400", "title": "Fedora Update for dbus 
FEDORA-2011-9891", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dbus FEDORA-2011-9891\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063294.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-9891\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"Fedora Update for dbus FEDORA-2011-9891\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"dbus on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.4.6~5.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'dbus' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310870464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870464", "title": "RedHat Update for dbus RHSA-2011:1132-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dbus RHSA-2011:1132-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870464\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1132-01\");\n script_cve_id(\"CVE-2011-2200\");\n script_name(\"RedHat Update for dbus RHSA-2011:1132-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dbus'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"dbus on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"D-Bus is a system for sending messages between applications. 
It is used for\n the system-wide message bus service and as a per-user-login-session\n messaging facility.\n\n A denial of service flaw was found in the way the D-Bus library handled\n endianness conversion when receiving messages. A local user could use this\n flaw to send a specially-crafted message to dbus-daemon or to a service\n using the bus, such as Avahi or NetworkManager, possibly causing the\n daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\n All users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. For the update to take effect, all\n running instances of dbus-daemon and all running applications using the\n libdbus library must be restarted, or the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dbus\", rpm:\"dbus~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-debuginfo\", rpm:\"dbus-debuginfo~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-devel\", rpm:\"dbus-devel~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-libs\", rpm:\"dbus-libs~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dbus-x11\", rpm:\"dbus-x11~1.1.2~16.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": 
"2016-09-06T19:46:32", "bulletinFamily": "unix", "description": "### Background\n\nD-Bus is a message bus system, a simple way for applications to talk to each other. \n\n### Description\n\nMultiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow for local Denial of Service (daemon crash), or arbitrary file overwriting. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll D-Bus users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/dbus-1.4.12\"", "modified": "2011-10-21T00:00:00", "published": "2011-10-21T00:00:00", "id": "GLSA-201110-14", "href": "https://security.gentoo.org/glsa/201110-14", "type": "gentoo", "title": "D-Bus: Multiple vulnerabilities", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-12-13T07:33:27", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201110-14\n(D-Bus: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in D-Bus. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow for local Denial of Service (daemon crash), or\n arbitrary file overwriting.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-12-02T00:00:00", "id": "GENTOO_GLSA-201110-14.NASL", "href": "https://www.tenable.com/plugins/nessus/56589", "published": "2011-10-24T00:00:00", "title": "GLSA-201110-14 : D-Bus: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-14.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56589);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2010-4352\", \"CVE-2011-2200\", \"CVE-2011-2533\");\n script_bugtraq_id(45377, 48216, 48460);\n script_xref(name:\"GLSA\", value:\"201110-14\");\n\n script_name(english:\"GLSA-201110-14 : D-Bus: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-14\n(D-Bus: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in D-Bus. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow for local Denial of Service (daemon crash), or\n arbitrary file overwriting.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All D-Bus users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/dbus-1.4.12'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/dbus\", unaffected:make_list(\"ge 1.4.12\"), vulnerable:make_list(\"lt 1.4.12\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"D-Bus\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:21:16", "bulletinFamily": "scanner", "description": "This update fixes the security issue that local users could disconnect\nsystem daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)", "modified": "2019-12-02T00:00:00", "id": "SUSE_11_DBUS-1-110628.NASL", "href": "https://www.tenable.com/plugins/nessus/55587", "published": "2011-07-13T00:00:00", "title": "SuSE 11.1 Security Update : dbus-1 (SAT Patch Number 4799)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55587);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"SuSE 11.1 Security Update : dbus-1 (SAT Patch Number 4799)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the security issue that local users could disconnect\nsystem daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2200.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4799.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:dbus-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:dbus-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"dbus-1-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"dbus-1-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"dbus-1-32bit-1.2.10-3.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.10-3.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:03:32", "bulletinFamily": "scanner", "description": " - Merge fixes from upstream for CVE-2011-2200\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2011-9891.NASL", "href": "https://www.tenable.com/plugins/nessus/55754", "published": "2011-08-02T00:00:00", "title": "Fedora 15 : dbus-1.4.6-5.fc15 (2011-9891)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9891.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55754);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:36\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"FEDORA\", value:\"2011-9891\");\n\n script_name(english:\"Fedora 15 : dbus-1.4.6-5.fc15 (2011-9891)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Merge fixes from upstream for CVE-2011-2200\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=712678\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063294.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ff962a4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"dbus-1.4.6-5.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:41:08", "bulletinFamily": "scanner", "description": "Updated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.", "modified": "2019-12-02T00:00:00", "id": "CENTOS_RHSA-2011-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/56269", "published": "2011-09-23T00:00:00", "title": "CentOS 5 : dbus (CESA-2011:1132)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1132 and \n# CentOS Errata and Security Advisory 2011:1132 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56269);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:06\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"RHSA\", value:\"2011:1132\");\n\n script_name(english:\"CentOS 5 : dbus (CESA-2011:1132)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or 
more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5834bca9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017795.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?328276fc\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000238.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d130dc2c\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000239.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5ee7d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-devel-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-libs-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-devel / dbus-libs / dbus-x11\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:44:33", "bulletinFamily": "scanner", "description": "It was discovered that DBus did not properly validate the byte order\nof messages under certain circumstances. 
An attacker could exploit\nthis to cause a denial of service via application crash or potentially\nobtain access to sensitive information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-1176-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55700", "published": "2011-07-27T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : dbus vulnerability (USN-1176-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1176-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55700);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"USN\", value:\"1176-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : dbus vulnerability (USN-1176-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that DBus did not properly validate the byte order\nof messages under certain circumstances. An attacker could exploit\nthis to cause a denial of service via application crash or potentially\nobtain access to sensitive information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1176-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"dbus\", pkgver:\"1.1.20-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"dbus\", pkgver:\"1.2.16-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"dbus\", pkgver:\"1.4.0-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"dbus\", pkgver:\"1.4.6-1ubuntu6.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:43:50", "bulletinFamily": "scanner", "description": "This update fixes the security issue that local users could disconnect\nsystem daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)", "modified": 
"2019-12-02T00:00:00", "id": "SUSE_DBUS-1-7593.NASL", "href": "https://www.tenable.com/plugins/nessus/55588", "published": "2011-07-13T00:00:00", "title": "SuSE 10 Security Update : dbus-1 (ZYPP Patch Number 7593)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55588);\n script_version (\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"SuSE 10 Security Update : dbus-1 (ZYPP Patch Number 7593)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the security issue that local users could disconnect\nsystem daemons from the bus by sending specially crafted messages.\n(CVE-2011-2200)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2200.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7593.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-devel-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-glib-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-gtk-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-java-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-mono-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-python-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-qt3-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-qt3-devel-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"dbus-1-x11-0.60-33.31.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-32bit-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-glib-32bit-0.60-33.31.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"dbus-1-qt3-32bit-0.60-33.31.3\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:13:10", "bulletinFamily": "scanner", "description": "D-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.", "modified": "2019-12-02T00:00:00", "id": "SL_20110809_DBUS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61107", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : dbus on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61107);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:20\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"Scientific Linux Security Update : dbus on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific 
Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"D-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=1276\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eaf8c547\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"dbus-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dbus-devel-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dbus-libs-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dbus-devel-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dbus-libs-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:53:13", "bulletinFamily": "scanner", "description": "Updated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 
6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2011-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/55809", "published": "2011-08-10T00:00:00", "title": "RHEL 5 / 6 : dbus (RHSA-2011:1132)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1132. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55809);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"RHSA\", value:\"2011:1132\");\n\n script_name(english:\"RHEL 5 / 6 : dbus (RHSA-2011:1132)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1132\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/10\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1132\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-devel-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"dbus-libs-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dbus-debuginfo-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dbus-devel-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dbus-doc-1.2.24-5.el6_1\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dbus-libs-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-debuginfo / dbus-devel / dbus-doc / dbus-libs / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:41:05", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:1132 :\n\nUpdated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2011-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/68321", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : dbus (ELSA-2011-1132)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1132 and \n# Oracle Linux Security Advisory ELSA-2011-1132 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68321);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2011-2200\");\n script_bugtraq_id(48216);\n script_xref(name:\"RHSA\", value:\"2011:1132\");\n\n script_name(english:\"Oracle Linux 5 / 6 : dbus (ELSA-2011-1132)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1132 :\n\nUpdated dbus packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nD-Bus is a system for sending messages between applications. 
It is\nused for the system-wide message bus service and as a\nper-user-login-session messaging facility.\n\nA denial of service flaw was found in the way the D-Bus library\nhandled endianness conversion when receiving messages. A local user\ncould use this flaw to send a specially crafted message to dbus-daemon\nor to a service using the bus, such as Avahi or NetworkManager,\npossibly causing the daemon to exit or the service to disconnect from\nthe bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to\ntake effect, all running instances of dbus-daemon and all running\napplications using the libdbus library must be restarted, or the\nsystem rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002269.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002270.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dbus packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dbus-x11\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"dbus-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-devel-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-libs-1.1.2-16.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dbus-x11-1.1.2-16.el5_7\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"dbus-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dbus-devel-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dbus-doc-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dbus-libs-1.2.24-5.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dbus-x11-1.2.24-5.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus / dbus-devel / dbus-doc / dbus-libs / dbus-x11\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:21:01", "bulletinFamily": "scanner", "description": "local users could disconnect system daemons from the bus by sending\nspecially crafted messages (CVE-2011-2200).", "modified": "2019-12-02T00:00:00", "id": "SUSE_11_3_DBUS-1-110805.NASL", "href": "https://www.tenable.com/plugins/nessus/75461", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : dbus-1 (openSUSE-SU-2011:0880-1)", 
"type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update dbus-1-4962.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75461);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2011-2200\");\n\n script_name(english:\"openSUSE Security Update : dbus-1 (openSUSE-SU-2011:0880-1)\");\n script_summary(english:\"Check for the dbus-1-4962 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"local users could disconnect system daemons from the bus by sending\nspecially crafted messages (CVE-2011-2200).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dbus-1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dbus-1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/05\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"dbus-1-1.2.24-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"dbus-1-devel-1.2.24-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"dbus-1-32bit-1.2.24-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"dbus-1-devel-32bit-1.2.24-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dbus-1 / dbus-1-32bit / dbus-1-devel / dbus-1-devel-32bit\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], 
"oraclelinux": [{"lastseen": "2019-05-29T18:38:30", "bulletinFamily": "unix", "description": "[1:1.2.24-5]\n- Merge changes from RHEL-6 branch:\n * Drop default patch fuzz\n * Merge CVE-2010-4352.patch from RHEL-6_0-Z\n- Apply patches for CVE-2011-2200\n- Resolves: #725313", "modified": "2011-08-09T00:00:00", "published": "2011-08-09T00:00:00", "id": "ELSA-2011-1132", "href": "http://linux.oracle.com/errata/ELSA-2011-1132.html", "title": "dbus security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:17", "bulletinFamily": "unix", "description": "[1:1.2.24-4]\n- Apply patch for CVE-2010-4352\n- Resolves: #684852", "modified": "2011-03-22T00:00:00", "published": "2011-03-22T00:00:00", "id": "ELSA-2011-0376", "href": "http://linux.oracle.com/errata/ELSA-2011-0376.html", "title": "dbus security update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "unix", "description": "[1:1.2.24-7.0.1.el6_3 ]\n- fix netlink poll: error 4 (Zhenzhong Duan)\n[1:1.2.24-7]\n- Resolves: #854821\n[1:1.2.24-6]\n- Apply patches for CVE-2011-2200\n- Resolves: #725314", "modified": "2012-09-13T00:00:00", "published": "2012-09-13T00:00:00", "id": "ELSA-2012-1261", "href": "http://linux.oracle.com/errata/ELSA-2012-1261.html", "title": "dbus security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:11", "bulletinFamily": "unix", "description": "It was discovered that DBus did not properly validate the byte order of messages under certain circumstances. 
An attacker could exploit this to cause a denial of service via application crash or potentially obtain access to sensitive information.", "modified": "2011-07-26T00:00:00", "published": "2011-07-26T00:00:00", "id": "USN-1176-1", "href": "https://usn.ubuntu.com/1176-1/", "title": "DBus vulnerability", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T17:20:59", "bulletinFamily": "unix", "description": "Remi Denis-Courmont discovered that D-Bus did not properly validate the number of nested variants when validating D-Bus messages. A local attacker could exploit this to cause a denial of service.", "modified": "2011-01-18T00:00:00", "published": "2011-01-18T00:00:00", "id": "USN-1044-1", "href": "https://usn.ubuntu.com/1044-1/", "title": "D-Bus vulnerability", "type": "ubuntu", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:1132\n\n\nD-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nA denial of service flaw was found in the way the D-Bus library handled\nendianness conversion when receiving messages. A local user could use this\nflaw to send a specially-crafted message to dbus-daemon or to a service\nusing the bus, such as Avahi or NetworkManager, possibly causing the\ndaemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. 
For the update to take effect, all\nrunning instances of dbus-daemon and all running applications using the\nlibdbus library must be restarted, or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017794.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017795.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/000238.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/000239.html\n\n**Affected packages:**\ndbus\ndbus-devel\ndbus-libs\ndbus-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1132.html", "modified": "2011-09-22T06:00:27", "published": "2011-09-03T14:50:22", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2011-September/000238.html", "id": "CESA-2011:1132", "title": "dbus security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:0376\n\n\nD-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nA denial of service flaw was discovered in the system for sending messages\nbetween applications. A local user could send a message with an excessive\nnumber of nested variants to the system-wide message bus, causing the\nmessage bus (and, consequently, any process using libdbus to receive\nmessages) to abort. (CVE-2010-4352)\n\nAll users are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. 
For the update to take effect, all\nrunning instances of dbus-daemon and all running applications using the\nlibdbus library must be restarted, or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017332.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017333.html\n\n**Affected packages:**\ndbus\ndbus-devel\ndbus-libs\ndbus-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0376.html", "modified": "2011-04-14T19:47:56", "published": "2011-04-14T19:47:56", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/017332.html", "id": "CESA-2011:0376", "title": "dbus security update", "type": "centos", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "description": "D-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nA denial of service flaw was found in the way the D-Bus library handled\nendianness conversion when receiving messages. A local user could use this\nflaw to send a specially-crafted message to dbus-daemon or to a service\nusing the bus, such as Avahi or NetworkManager, possibly causing the\ndaemon to exit or the service to disconnect from the bus. (CVE-2011-2200)\n\nAll users are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. 
For the update to take effect, all\nrunning instances of dbus-daemon and all running applications using the\nlibdbus library must be restarted, or the system rebooted.\n", "modified": "2018-06-06T20:24:13", "published": "2011-08-09T04:00:00", "id": "RHSA-2011:1132", "href": "https://access.redhat.com/errata/RHSA-2011:1132", "type": "redhat", "title": "(RHSA-2011:1132) Moderate: dbus security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:01", "bulletinFamily": "unix", "description": "D-Bus is a system for sending messages between applications. It is used for\nthe system-wide message bus service and as a per-user-login-session\nmessaging facility.\n\nA denial of service flaw was discovered in the system for sending messages\nbetween applications. A local user could send a message with an excessive\nnumber of nested variants to the system-wide message bus, causing the\nmessage bus (and, consequently, any process using libdbus to receive\nmessages) to abort. (CVE-2010-4352)\n\nAll users are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. For the update to take effect, all\nrunning instances of dbus-daemon and all running applications using the\nlibdbus library must be restarted, or the system rebooted.\n", "modified": "2018-06-06T20:24:36", "published": "2011-03-22T04:00:00", "id": "RHSA-2011:0376", "href": "https://access.redhat.com/errata/RHSA-2011:0376", "type": "redhat", "title": "(RHSA-2011:0376) Moderate: dbus security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T14:33:59", "bulletinFamily": "unix", "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. 
It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA NULL pointer dereference flaw was found in the Generic Receive Offload\n(GRO) functionality in the Linux kernel's networking implementation. If\nboth GRO and promiscuous mode were enabled on an interface in a virtual LAN\n(VLAN), it could result in a denial of service when a malformed VLAN frame\nis received on that interface. (CVE-2011-1478)\n\nRed Hat would like to thank Ryan Sweat for reporting CVE-2011-1478.\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for dbus issue\nCVE-2010-4352; kernel issues CVE-2010-4346, CVE-2011-0521, CVE-2011-0710,\nCVE-2011-1010, and CVE-2011-1090; libvirt issue CVE-2011-1146; and openldap\nissue CVE-2011-1024.\n\nThis update also fixes the following bug:\n\n* Previously, network drivers that had Large Receive Offload (LRO) enabled\nby default caused the system to run slow when using software bridging. With\nthis update, Red Hat Enterprise Virtualization Hypervisor disables LRO as a\npart of a modprobe configuration. 
(BZ#692864)\n\nAlso in this erratum, the rhev-hypervisor-pxe RPM has been dropped.\n\nAs Red Hat Enterprise Virtualization Hypervisor includes Red Hat Enterprise\nVirtualization Manager Agent (VDSM), the bug fixes from the VDSM update\nRHBA-2011:0424 have been included in this update:\n\nhttps://rhn.redhat.com/errata/RHBA-2011-0424.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which resolves these issues.\n", "modified": "2019-03-22T23:44:57", "published": "2011-04-13T04:00:00", "id": "RHSA-2011:0439", "href": "https://access.redhat.com/errata/RHSA-2011:0439", "type": "redhat", "title": "(RHSA-2011:0439) Moderate: rhev-hypervisor security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:23", "bulletinFamily": "unix", "description": "- ---------------------------------------------------------------------------\nDebian Security Advisory DSA-2149-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nJanuary 20, 2011 http://www.debian.org/security/faq\n- ---------------------------------------------------------------------------\n\nPackage : dbus\nVulnerability : denial of service\nProblem type : local\nDebian-specific: no\nDebian bug : none\nCVE ID : CVE-2010-4352\n\nR\u00e9mi Denis-Courmont discovered that dbus, a message bus application,\nis not properly limiting the nesting level when examining messages with\nextensive nested variants. 
This allows an attacker to crash the dbus system\ndaemon due to a call stack overflow via crafted messages.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.1-5+lenny2.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.2.24-4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.24-4.\n\n\nWe recommend that you upgrade your dbus packages.\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-01-20T16:06:34", "published": "2011-01-20T16:06:34", "id": "DEBIAN:DSA-2149-1:8A000", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00013.html", "title": "[SECURITY] [DSA 2149-1] Security update for dbus", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}]}