 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.880615 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for dbus-glib CESA-2010:0616 centos5 i386 |
| Resumen: | The remote host is missing an update for the 'dbus-glib'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'dbus-glib' package(s) announced via the referenced advisory. Vulnerability Insight: dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was discovered that dbus-glib did not enforce the 'access' flag on exported GObject properties. If such a property were read/write internally but specified as read-only externally, a malicious, local user could use this flaw to modify that property of an application. Such a change could impact the application's behavior (for example, if an IP address were changed the network may not come up properly after reboot) and possibly lead to a denial of service. (CVE-2010-1172) Due to the way dbus-glib translates an application's XML definitions of service interfaces and properties into C code at application build time, applications built against dbus-glib that use read-only properties needed to be rebuilt to fully fix the flaw. As such, this update provides NetworkManager packages that have been rebuilt against the updated dbus-glib packages. No other applications shipped with Red Hat Enterprise Linux 5 were affected. All dbus-glib and NetworkManager users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted (service NetworkManager restart) for this update to take effect. Affected Software/OS: dbus-glib on CentOS 5 Solution: Please install the updated packages. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1172 40908 http://secunia.com/advisories/40908 40925 http://secunia.com/advisories/40925 42347 http://www.securityfocus.com/bid/42347 42397 http://secunia.com/advisories/42397 ADV-2010-2063 http://www.vupen.com/english/advisories/2010/2063 ADV-2010-3097 http://www.vupen.com/english/advisories/2010/3097 RHSA-2010:0616 http://www.redhat.com/support/errata/RHSA-2010-0616.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SUSE-SR:2010:020 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html SUSE-SR:2010:022 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html glib-property-security-bypass(61041) https://exchange.xforce.ibmcloud.com/vulnerabilities/61041 http://cgit.freedesktop.org/dbus/dbus-glib/commit/?h=rhel5&id=9a6bce9b615abca6068348c1606ba8eaf13d9ae0 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://support.avaya.com/css/P8/documents/100113103 https://bugzilla.redhat.com/show_bug.cgi?id=585394 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |