ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0339
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0339)
Resumen:	The remote host is missing an update for the 'dbus' package(s) announced via the MGASA-2019-0339 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dbus' package(s) announced via the MGASA-2019-0339 advisory. Vulnerability Insight: dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~ /.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass (CVE-2019-12749). Affected Software/OS: 'dbus' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12749 BugTraq ID: 108751 http://www.securityfocus.com/bid/108751 Bugtraq: 20190613 [SECURITY] [DSA 4462-1] dbus security update (Google Search) https://seclists.org/bugtraq/2019/Jun/16 Debian Security Information: DSA-4462 (Google Search) https://www.debian.org/security/2019/dsa-4462 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/ https://security.gentoo.org/glsa/201909-08 https://www.openwall.com/lists/oss-security/2019/06/11/2 https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html http://www.openwall.com/lists/oss-security/2019/06/11/2 RedHat Security Advisories: RHSA-2019:1726 https://access.redhat.com/errata/RHSA-2019:1726 RedHat Security Advisories: RHSA-2019:2868 https://access.redhat.com/errata/RHSA-2019:2868 RedHat Security Advisories: RHSA-2019:2870 https://access.redhat.com/errata/RHSA-2019:2870 RedHat Security Advisories: RHSA-2019:3707 https://access.redhat.com/errata/RHSA-2019:3707 SuSE Security Announcement: openSUSE-SU-2019:1604 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html SuSE Security Announcement: openSUSE-SU-2019:1671 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html SuSE Security Announcement: openSUSE-SU-2019:1750 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html https://usn.ubuntu.com/4015-1/ https://usn.ubuntu.com/4015-2/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.