Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:256 (dbus)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.65733
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:256 (dbus)
Summary:	The remote host is missing an update to dbus;announced via advisory MDVSA-2009:256.
Description:	Summary: The remote host is missing an update to dbus announced via advisory MDVSA-2009:256. Vulnerability Insight: A vulnerability was discovered and corrected in dbus: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834 (CVE-2009-1189). This update provides a fix for this vulnerability. Affected: 2008.1, 2009.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3834 1021063 http://www.securitytracker.com/id?1021063 31602 http://www.securityfocus.com/bid/31602 32127 http://secunia.com/advisories/32127 32230 http://secunia.com/advisories/32230 32281 http://secunia.com/advisories/32281 32385 http://secunia.com/advisories/32385 33396 http://secunia.com/advisories/33396 7822 https://www.exploit-db.com/exploits/7822 ADV-2008-2762 http://www.vupen.com/english/advisories/2008/2762 DSA-1658 http://www.debian.org/security/2008/dsa-1658 FEDORA-2008-8764 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html MDVSA-2008:213 http://www.mandriva.com/security/advisories?name=MDVSA-2008:213 RHSA-2009:0008 http://www.redhat.com/support/errata/RHSA-2009-0008.html SUSE-SR:2008:027 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html USN-653-1 http://www.ubuntu.com/usn/usn-653-1 dbus-dbusvalidatesignaturewithreason-dos(45701) https://exchange.xforce.ibmcloud.com/vulnerabilities/45701 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a https://bugs.freedesktop.org/show_bug.cgi?id=17803 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834 openSUSE-SU-2012:1418 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html oval:org.mitre.oval:def:10253 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253 Common Vulnerability Exposure (CVE) ID: CVE-2009-1189 35810 http://secunia.com/advisories/35810 38794 http://secunia.com/advisories/38794 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html USN-799-1 https://usn.ubuntu.com/799-1/ [oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus) http://www.openwall.com/lists/oss-security/2009/04/16/13 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html dbus-dbusmarshalvalidate-spoofing(50385) https://exchange.xforce.ibmcloud.com/vulnerabilities/50385 http://bugs.freedesktop.org/show_bug.cgi?id=17803 oval:org.mitre.oval:def:10308 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308
Copyright	Copyright (C) 2009 E-Soft Inc.