Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:0008

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63113

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:0008

Resumen: The remote host is missing updates announced in;advisory RHSA-2009:0008.;;D-Bus is a system for sending messages between applications. It is used for;the system-wide message bus service and as a per-user-login-session;messaging facility.;;A denial-of-service flaw was discovered in the system for sending messages;between applications. A local user could send a message with a malformed;signature to the bus causing the bus (and, consequently, any process using;libdbus to receive messages) to abort. (CVE-2008-3834);;All users are advised to upgrade to these updated dbus packages, which;contain backported patch which resolve this issue. For the update to take;effect, all running instances of dbus-daemon and all running applications;using libdbus library must be restarted, or the system rebooted.

Descripción: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0008.

D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

A denial-of-service flaw was discovered in the system for sending messages
between applications. A local user could send a message with a malformed
signature to the bus causing the bus (and, consequently, any process using
libdbus to receive messages) to abort. (CVE-2008-3834)

All users are advised to upgrade to these updated dbus packages, which
contain backported patch which resolve this issue. For the update to take
effect, all running instances of dbus-daemon and all running applications
using libdbus library must be restarted, or the system rebooted.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3834
1021063
http://www.securitytracker.com/id?1021063
31602
http://www.securityfocus.com/bid/31602
32127
http://secunia.com/advisories/32127
32230
http://secunia.com/advisories/32230
32281
http://secunia.com/advisories/32281
32385
http://secunia.com/advisories/32385
33396
http://secunia.com/advisories/33396
7822
https://www.exploit-db.com/exploits/7822
ADV-2008-2762
http://www.vupen.com/english/advisories/2008/2762
DSA-1658
http://www.debian.org/security/2008/dsa-1658
FEDORA-2008-8764
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html
MDVSA-2008:213
http://www.mandriva.com/security/advisories?name=MDVSA-2008:213
RHSA-2009:0008
http://www.redhat.com/support/errata/RHSA-2009-0008.html
SUSE-SR:2008:027
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
USN-653-1
http://www.ubuntu.com/usn/usn-653-1
dbus-dbusvalidatesignaturewithreason-dos(45701)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45701
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
https://bugs.freedesktop.org/show_bug.cgi?id=17803
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
openSUSE-SU-2012:1418
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
oval:org.mitre.oval:def:10253
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63113
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0008
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:0008.;;D-Bus is a system for sending messages between applications. It is used for;the system-wide message bus service and as a per-user-login-session;messaging facility.;;A denial-of-service flaw was discovered in the system for sending messages;between applications. A local user could send a message with a malformed;signature to the bus causing the bus (and, consequently, any process using;libdbus to receive messages) to abort. (CVE-2008-3834);;All users are advised to upgrade to these updated dbus packages, which;contain backported patch which resolve this issue. For the update to take;effect, all running instances of dbus-daemon and all running applications;using libdbus library must be restarted, or the system rebooted.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0008. D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial-of-service flaw was discovered in the system for sending messages between applications. A local user could send a message with a malformed signature to the bus causing the bus (and, consequently, any process using libdbus to receive messages) to abort. (CVE-2008-3834) All users are advised to upgrade to these updated dbus packages, which contain backported patch which resolve this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using libdbus library must be restarted, or the system rebooted. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3834 1021063 http://www.securitytracker.com/id?1021063 31602 http://www.securityfocus.com/bid/31602 32127 http://secunia.com/advisories/32127 32230 http://secunia.com/advisories/32230 32281 http://secunia.com/advisories/32281 32385 http://secunia.com/advisories/32385 33396 http://secunia.com/advisories/33396 7822 https://www.exploit-db.com/exploits/7822 ADV-2008-2762 http://www.vupen.com/english/advisories/2008/2762 DSA-1658 http://www.debian.org/security/2008/dsa-1658 FEDORA-2008-8764 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html MDVSA-2008:213 http://www.mandriva.com/security/advisories?name=MDVSA-2008:213 RHSA-2009:0008 http://www.redhat.com/support/errata/RHSA-2009-0008.html SUSE-SR:2008:027 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html USN-653-1 http://www.ubuntu.com/usn/usn-653-1 dbus-dbusvalidatesignaturewithreason-dos(45701) https://exchange.xforce.ibmcloud.com/vulnerabilities/45701 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a https://bugs.freedesktop.org/show_bug.cgi?id=17803 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834 openSUSE-SU-2012:1418 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html oval:org.mitre.oval:def:10253 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
Copyright	Copyright (C) 2009 E-Soft Inc.