Executive Summary
Summary | |
---|---|
Title | dbus security update |
Information | |||
---|---|---|---|
Name | RHSA-2007:0008 | First vendor Publication | 2007-02-08 |
Vendor | RedHat | Last vendor Modification | 2007-02-08 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:S/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 1.7 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.1 | Authentication | Requires single instance |
Detail
Problem Description: Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility.

Kimmo Hämäläinen discovered a flaw in the way D-BUS processes certain messages. It is possible for a local unprivileged D-BUS process to disrupt the ability of another D-BUS process to receive messages. (CVE-2006-6107)

Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

218055 - CVE-2006-6107 D-Bus denial of service
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0008.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9951 | |||
Oval ID: | oval:org.mitre.oval:def:9951 | ||
Title: | Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). | ||
Description: | Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-6107 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 7 |
OpenVAS Exploits
Date | Description |
---|---|
2009-03-23 | Name : Ubuntu Update for dbus vulnerability USN-401-1 File : nvt/gb_ubuntu_USN_401_1.nasl |
2008-09-04 | Name : FreeBSD Ports: dbus File : nvt/freebsd_dbus.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
32279 | D-Bus match_rule_equal() Function Rule Manipulation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-750.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0008.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-401-1.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-233.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0008.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0008.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5b47b70d8ba911db81d500123ffe8333.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:50:21 | |