PRIOn knowledge basePRION:CVE-2009-1189

HistoryApr 27, 2009 - 6:00 p.m.

Design/Logic Flaw

2009-04-2718:00:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

80.0%

JSON

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

CPENameOperatorVersion
dbuseq0.13
dbuseq0.60
dbuseq1.1.2
dbuseq0.34
dbuseq0.92
dbuseq0.50
dbusle1.2.3
dbuseq0.35.1
dbuseq0.5
dbuseq0.36.1

Name	Operator	Version
dbus	eq	0.13
dbus	eq	0.60
dbus	eq	1.1.2
dbus	eq	0.34
dbus	eq	0.92
dbus	eq	0.50
dbus	le	1.2.3
dbus	eq	0.35.1
dbus	eq	0.5
dbus	eq	0.36.1

Rows per page:

1-10 of 491

References

bugs.freedesktop.org/show_bug.cgi?id=17803

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.vmware.com/pipermail/security-announce/2010/000082.html

secunia.com/advisories/32127

secunia.com/advisories/35810

secunia.com/advisories/38794

www.freedesktop.org/wiki/Software/dbus

www.openwall.com/lists/oss-security/2009/04/16/13

www.securityfocus.com/bid/31602

www.vupen.com/english/advisories/2010/0528

exchange.xforce.ibmcloud.com/vulnerabilities/50385

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308

rhn.redhat.com/errata/RHSA-2010-0095.html

usn.ubuntu.com/799-1/

6.5 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

80.0%

JSON

Related for PRION:CVE-2009-1189