Executive Summary

Summary
Title D-Bus vulnerability
Informations
NameUSN-799-1First vendor Publication2009-07-13
VendorUbuntuLast vendor Modification2009-07-13
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score3.6Attack RangeLocal
Cvss Impact Score4.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
libdbus-1-2 0.60-6ubuntu8.4

Ubuntu 8.04 LTS:
libdbus-1-3 1.1.20-1ubuntu3.3

Ubuntu 8.10:
libdbus-1-3 1.2.4-0ubuntu1.1

Ubuntu 9.04:
libdbus-1-3 1.2.12-0ubuntu2.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

It was discovered that the D-Bus library did not correctly validate signatures. If a local user sent a specially crafted D-Bus key, they could spoof a valid signature and bypass security policies.

Original Source

Url : http://www.ubuntu.com/usn/USN-799-1

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2016-04-27 00:30:35
  • Multiple Updates
2014-02-17 12:06:04
  • Multiple Updates
2013-05-11 00:56:05
  • Multiple Updates