Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.6
CVE Id CVE-2009-1189
Last Modified 21 Aug 2010 12:00:00
Published 27 Apr 2009 02:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-1189

Summary

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

Vulnerable Systems

Application

  • Freedesktop Dbus 0.1

  • Freedesktop Dbus 0.10

  • Freedesktop Dbus 0.11

  • Freedesktop Dbus 0.12

  • Freedesktop Dbus 0.13

  • Freedesktop Dbus 0.2

  • Freedesktop Dbus 0.20

  • Freedesktop Dbus 0.21

  • Freedesktop Dbus 0.22

  • Freedesktop Dbus 0.23

  • Freedesktop Dbus 0.23.1

  • Freedesktop Dbus 0.23.2

  • Freedesktop Dbus 0.23.3

  • Freedesktop Dbus 0.3

  • Freedesktop Dbus 0.31

  • Freedesktop Dbus 0.32

  • Freedesktop Dbus 0.33

  • Freedesktop Dbus 0.34

  • Freedesktop Dbus 0.35

  • Freedesktop Dbus 0.35.1

  • Freedesktop Dbus 0.35.2

  • Freedesktop Dbus 0.36

  • Freedesktop Dbus 0.36.1

  • Freedesktop Dbus 0.36.2

  • Freedesktop Dbus 0.4

  • Freedesktop Dbus 0.5

  • Freedesktop Dbus 0.50

  • Freedesktop Dbus 0.6

  • Freedesktop Dbus 0.60

  • Freedesktop Dbus 0.61

  • Freedesktop Dbus 0.62

  • Freedesktop Dbus 0.7

  • Freedesktop Dbus 0.8

  • Freedesktop Dbus 0.9

  • Freedesktop Dbus 0.90

  • Freedesktop Dbus 0.91

  • Freedesktop Dbus 0.92

  • Freedesktop Dbus 1.0

  • Freedesktop Dbus 1.0.2

  • Freedesktop Dbus 1.1.0

  • Freedesktop Dbus 1.1.1

  • Freedesktop Dbus 1.1.2

  • Freedesktop Dbus 1.1.20

  • Freedesktop Dbus 1.1.4

  • Freedesktop Dbus 1.2.1

  • Freedesktop Dbus 1.2.3


References

CONFIRM - http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a

REDHAT - RHSA-2010:0095

XF - dbus-dbusmarshalvalidate-spoofing(50385)

VUPEN - ADV-2010-0528

BID - 31602

MLIST - [oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus)

SECUNIA - 38794

SECUNIA - 35810

SECUNIA - 32127

MLIST - [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

CONFIRM - http://bugs.freedesktop.org/show_bug.cgi?id=17803


Last Updated: 27 May 2016 10:50:29