ID de Prueba:	1.3.6.1.4.1.25623.1.0.870414
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for dbus RHSA-2011:0376-01
Resumen:	The remote host is missing an update for the 'dbus'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'dbus' package(s) announced via the referenced advisory. Vulnerability Insight: D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was discovered in the system for sending messages between applications. A local user could send a message with an excessive number of nested variants to the system-wide message bus, causing the message bus (and, consequently, any process using libdbus to receive messages) to abort. (CVE-2010-4352) All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted. Affected Software/OS: dbus on Red Hat Enterprise Linux (v. 5 server) Solution: Please Install the Updated Packages. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4352 42580 http://secunia.com/advisories/42580 42760 http://secunia.com/advisories/42760 42911 http://secunia.com/advisories/42911 42960 http://secunia.com/advisories/42960 45377 http://www.securityfocus.com/bid/45377 ADV-2010-3325 http://www.vupen.com/english/advisories/2010/3325 ADV-2011-0161 http://www.vupen.com/english/advisories/2011/0161 ADV-2011-0178 http://www.vupen.com/english/advisories/2011/0178 ADV-2011-0464 http://www.vupen.com/english/advisories/2011/0464 DSA-2149 http://www.debian.org/security/2011/dsa-2149 FEDORA-2010-19166 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html SUSE-SR:2011:004 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html USN-1044-1 http://www.ubuntu.com/usn/USN-1044-1 [oss-security] 20101216 CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants http://openwall.com/lists/oss-security/2010/12/16/3 [oss-security] 20101216 Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants http://openwall.com/lists/oss-security/2010/12/16/6 [oss-security] 20101221 Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants http://openwall.com/lists/oss-security/2010/12/21/3 http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://www.remlab.net/op/dbus-variant-recursion.shtml https://bugs.freedesktop.org/show_bug.cgi?id=32321 https://bugzilla.redhat.com/show_bug.cgi?id=663673 openSUSE-SU-2012:1418 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.