ID de Prueba:	1.3.6.1.4.1.25623.1.0.66647
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0018
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0018. D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did not correctly fix the denial of service flaw in the system for sending messages between applications. A local user could use this flaw to send a message with a malformed signature to the bus, causing the bus (and, consequently, any process using libdbus to receive messages) to abort. (CVE-2009-1189) Note: Users running any application providing services over the system message bus are advised to test this update carefully before deploying it in production environments. All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0018.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 3.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1189 31602 http://www.securityfocus.com/bid/31602 32127 http://secunia.com/advisories/32127 35810 http://secunia.com/advisories/35810 38794 http://secunia.com/advisories/38794 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html USN-799-1 https://usn.ubuntu.com/799-1/ [oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus) http://www.openwall.com/lists/oss-security/2009/04/16/13 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html dbus-dbusmarshalvalidate-spoofing(50385) https://exchange.xforce.ibmcloud.com/vulnerabilities/50385 http://bugs.freedesktop.org/show_bug.cgi?id=17803 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a oval:org.mitre.oval:def:10308 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308 Common Vulnerability Exposure (CVE) ID: CVE-2008-3834 1021063 http://www.securitytracker.com/id?1021063 32230 http://secunia.com/advisories/32230 32281 http://secunia.com/advisories/32281 32385 http://secunia.com/advisories/32385 33396 http://secunia.com/advisories/33396 7822 https://www.exploit-db.com/exploits/7822 ADV-2008-2762 http://www.vupen.com/english/advisories/2008/2762 DSA-1658 http://www.debian.org/security/2008/dsa-1658 FEDORA-2008-8764 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html MDVSA-2008:213 http://www.mandriva.com/security/advisories?name=MDVSA-2008:213 RHSA-2009:0008 http://www.redhat.com/support/errata/RHSA-2009-0008.html SUSE-SR:2008:027 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html USN-653-1 http://www.ubuntu.com/usn/usn-653-1 dbus-dbusvalidatesignaturewithreason-dos(45701) https://exchange.xforce.ibmcloud.com/vulnerabilities/45701 https://bugs.freedesktop.org/show_bug.cgi?id=17803 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834 openSUSE-SU-2012:1418 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html oval:org.mitre.oval:def:10253 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.