Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:256-1 (dbus)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.66422
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2009:256-1 (dbus)
Zusammenfassung:	The remote host is missing an update to dbus;announced via advisory MDVSA-2009:256-1.
Beschreibung:	Summary: The remote host is missing an update to dbus announced via advisory MDVSA-2009:256-1. Vulnerability Insight: A vulnerability was discovered and corrected in dbus: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834 (CVE-2009-1189). This update provides a fix for this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3834 1021063 http://www.securitytracker.com/id?1021063 31602 http://www.securityfocus.com/bid/31602 32127 http://secunia.com/advisories/32127 32230 http://secunia.com/advisories/32230 32281 http://secunia.com/advisories/32281 32385 http://secunia.com/advisories/32385 33396 http://secunia.com/advisories/33396 7822 https://www.exploit-db.com/exploits/7822 ADV-2008-2762 http://www.vupen.com/english/advisories/2008/2762 DSA-1658 http://www.debian.org/security/2008/dsa-1658 FEDORA-2008-8764 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html MDVSA-2008:213 http://www.mandriva.com/security/advisories?name=MDVSA-2008:213 RHSA-2009:0008 http://www.redhat.com/support/errata/RHSA-2009-0008.html SUSE-SR:2008:027 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html USN-653-1 http://www.ubuntu.com/usn/usn-653-1 dbus-dbusvalidatesignaturewithreason-dos(45701) https://exchange.xforce.ibmcloud.com/vulnerabilities/45701 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a https://bugs.freedesktop.org/show_bug.cgi?id=17803 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834 openSUSE-SU-2012:1418 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html oval:org.mitre.oval:def:10253 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253 Common Vulnerability Exposure (CVE) ID: CVE-2009-1189 35810 http://secunia.com/advisories/35810 38794 http://secunia.com/advisories/38794 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html USN-799-1 https://usn.ubuntu.com/799-1/ [oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus) http://www.openwall.com/lists/oss-security/2009/04/16/13 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html dbus-dbusmarshalvalidate-spoofing(50385) https://exchange.xforce.ibmcloud.com/vulnerabilities/50385 http://bugs.freedesktop.org/show_bug.cgi?id=17803 oval:org.mitre.oval:def:10308 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308
Copyright	Copyright (C) 2009 E-Soft Inc.