Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4192
HistoryOct 10, 2008 - 12:00 a.m.

D-Bus dbus_signature_validate()类型签名拒绝服务漏洞

2008-10-1000:00:00
Root
www.seebug.org
25

0.012 Low

EPSS

Percentile

83.5%

JSON

BUGTRAQ ID: 31602
CVE(CAN) ID: CVE-2008-3834

D-BUS是一个设计目标为应用程序间通信的消息总线系统。

D-BUS的_dbus_validate_signature_with_reason()函数没有正确地验证类型代码:

  if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
      !dbus_type_is_basic (*p))
    {
      result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
      goto out;
    }

如果使用D-Bus的应用受骗验证了特制的签名的话,就可能会终止。

D-Bus 1.2.1
D-Bus

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://admin.fedoraproject.org/updates/dbus-1.2.4-1.fc9” target=“_blank”>http://admin.fedoraproject.org/updates/dbus-1.2.4-1.fc9</a>


                                                #include &lt;dbus/dbus.h&gt;

int main ()
{
   return !dbus_signature_validate(&quot;a{(ii)i}&quot;, NULL);
}

Related

packetstorm 1
nessus 21
openvas 28
exploitpack 1
gentoo 1
seebug 3
debian 1
oraclelinux 2
cvelist 2
ubuntucve 2
debiancve 2
veracode 1
osv 1
redhat 1
fedora 1
prion 2
centos 1
cve 1
exploitdb 1
ubuntu 1
packetstorm
packetstorm
D-Bus Daemon Denial Of Service
2009-01-20 00:00:00
nessus
nessus
Debian DSA-1658-1 : dbus - programming error
2008-10-24 00:00:00
openSUSE 10 Security Update : dbus-1 (dbus-1-5683)
2008-10-17 00:00:00
Oracle Linux 5 : dbus (ELSA-2009-0008)
2013-07-12 00:00:00
openvas
openvas
SLES10: Security update for dbus
2009-10-13 00:00:00
CentOS Security Advisory CESA-2009:0008 (dbus)
2009-01-13 00:00:00
CentOS Security Advisory CESA-2009:0008 (dbus)
2009-01-13 00:00:00
exploitpack
exploitpack
D-Bus Daemon 1.2.4 - libdbus Denial of Service
2009-01-19 00:00:00
gentoo
gentoo
D-Bus: Denial of service
2009-01-11 00:00:00
seebug
seebug
D-Bus 'dbus_signature_validate()'类型签名拒绝服务漏洞
2008-10-08 00:00:00
D-Bus Daemon < 1.2.4 - (libdbus) Denial of Service Exploit
2014-07-01 00:00:00
D-Bus Daemon &lt; 1.2.4 (libdbus) Denial of Service Exploit
2009-01-19 00:00:00
debian
debian
[SECURITY] [DSA 1658-1] New dbus packages fix denial of service
2008-10-22 19:50:48
oraclelinux
oraclelinux
dbus security update
2009-01-07 00:00:00
dbus security update
2010-01-07 00:00:00
cvelist
cvelist
CVE-2008-3834
2008-10-07 19:00:00
CVE-2009-1189
2009-04-27 17:43:00
ubuntucve
ubuntucve
CVE-2008-3834
2008-10-07 00:00:00
CVE-2009-1189
2009-04-27 00:00:00
debiancve
debiancve
CVE-2008-3834
2008-10-07 21:01:00
CVE-2009-1189
2009-04-27 18:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:30:36
osv
osv
dbus - denial of service
2008-10-22 00:00:00
redhat
redhat
(RHSA-2009:0008) Moderate: dbus security update
2009-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: dbus-1.2.4-1.fc9
2008-10-09 21:35:00
prion
prion
Design/Logic Flaw
2008-10-07 21:01:00
Design/Logic Flaw
2009-04-27 18:00:00
centos
centos
dbus security update
2009-01-08 16:06:24
cve
cve
CVE-2008-3834
2008-10-07 21:01:52
exploitdb
exploitdb
D-Bus Daemon &lt; 1.2.4 - &#039;libdbus&#039; Denial of Service
2009-01-19 00:00:00
ubuntu
ubuntu
D-Bus vulnerabilities
2008-10-14 00:00:00

0.012 Low

EPSS

Percentile

83.5%

JSON
Related for SSV:4192
packetstorm1nessus21openvas28exploitpack1gentoo1seebug3debian1oraclelinux2cvelist2ubuntucve2debiancve2veracode1osv1redhat1fedora1prion2centos1cve1exploitdb1ubuntu1