Executive Summary

| Summary | |
|---|---|
| Title | dbus security update |

| Information | | | |
|---|---|---|---|
| Name | RHSA-2011:1132 | First vendor publication | 2011-08-09 |
| Vendor | RedHat | Last vendor modification | 2011-08-09 |
| Severity (vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3

| CVSS vector: N/A | | | |
|---|---|---|---|
| Overall CVSS score | NA | | |
| Base score | NA | Environmental score | NA |
| Impact subscore | NA | Temporal score | NA |
| Exploitability subscore | NA | | |
Security-Database Scoring CVSS v2

| CVSS vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) | | | |
|---|---|---|---|
| CVSS base score | 4.6 | Attack range | Local |
| CVSS impact score | 6.4 | Attack complexity | Low |
| CVSS exploit score | 3.9 | Authentication | None required |
Detail

Problem Description: Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

- RHEL Desktop Workstation (v. 5 client) - i386, x86_64
- Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
- Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
- Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
- Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
- Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
- Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
- Red Hat Enterprise Linux Server Optional (v. 6) - noarch
- Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
- Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description: D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.

A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially-crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)

All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/): 712676 - CVE-2011-2200 dbus: Local DoS via messages with non-native byte order
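The flaw sits in the endianness conversion of the D-Bus message header, so it helps to see what that header looks like on the wire and where the byte order matters. The following is an added example written for this page, not code from Red Hat or the D-Bus project: it decodes the fixed 16-byte header (endianness flag, type, flags, version, then body length, serial and header-field array length as UINT32 in the declared byte order), applies the length limits the D-Bus specification sets, and re-encodes the header in the opposite byte order. The sample headers are constructed, not captured traffic; the function and constant names are this example's own.

```python
"""Parse and byte-swap the fixed D-Bus message header in either byte order.

Wire layout (D-Bus specification, "Message Format"): byte 0 is the endianness
flag ('l' little-endian, 'B' big-endian), byte 1 the message type, byte 2 the
flags, byte 3 the protocol major version, followed by three UINT32 values in
the declared byte order: body length, serial, and the byte length of the
header-field array that follows.  The header fields are padded to 8 bytes.
"""
import struct

LITTLE_ENDIAN = ord("l")       # 0x6c
BIG_ENDIAN = ord("B")          # 0x42
PROTOCOL_VERSION = 1
MAX_MESSAGE_LENGTH = 2 ** 27   # spec limit on a whole message
MAX_ARRAY_LENGTH = 2 ** 26     # spec limit on any array, header fields included
MESSAGE_TYPES = {1: "METHOD_CALL", 2: "METHOD_RETURN", 3: "ERROR", 4: "SIGNAL"}
FIXED_HEADER_LEN = 16


def _struct_prefix(endian_flag: int) -> str:
    """Map the wire endianness byte to a struct prefix; anything else is rejected."""
    if endian_flag == LITTLE_ENDIAN:
        return "<"
    if endian_flag == BIG_ENDIAN:
        return ">"
    raise ValueError(f"invalid endianness flag 0x{endian_flag:02x}")


def parse_fixed_header(data: bytes) -> dict:
    """Decode the fixed header into native integers and apply the spec's sanity checks."""
    if len(data) < FIXED_HEADER_LEN:
        raise ValueError(f"short header: {len(data)} < {FIXED_HEADER_LEN} bytes")
    prefix = _struct_prefix(data[0])
    msg_type, flags, version = data[1], data[2], data[3]
    if version != PROTOCOL_VERSION:
        raise ValueError(f"unsupported protocol version {version}")
    if msg_type not in MESSAGE_TYPES:
        raise ValueError(f"unknown message type {msg_type}")
    body_len, serial, fields_len = struct.unpack(prefix + "III", data[4:FIXED_HEADER_LEN])
    if serial == 0:
        raise ValueError("serial must be non-zero")
    if fields_len > MAX_ARRAY_LENGTH:
        raise ValueError(f"header field array too long: {fields_len}")
    header_len = (FIXED_HEADER_LEN + fields_len + 7) & ~7   # field array padded to 8 bytes
    if header_len + body_len > MAX_MESSAGE_LENGTH:
        raise ValueError("message exceeds maximum length")
    return {
        "endian": "little" if prefix == "<" else "big",
        "type": MESSAGE_TYPES[msg_type],
        "flags": flags,
        "body_length": body_len,
        "serial": serial,
        "fields_length": fields_len,
        "header_length": header_len,
    }


def byteswap_fixed_header(data: bytes) -> bytes:
    """Return the 16-byte fixed header re-encoded in the opposite byte order.

    This is the conversion a receiver performs when a peer's byte order differs
    from its own: the flag byte and the three UINT32 fields change, the single
    bytes do not.  The header-field array and body (not handled here) must be
    swapped according to their own type signatures.
    """
    prefix = _struct_prefix(data[0])
    other_flag, other_prefix = (BIG_ENDIAN, ">") if prefix == "<" else (LITTLE_ENDIAN, "<")
    fields = struct.unpack(prefix + "III", data[4:FIXED_HEADER_LEN])
    return bytes([other_flag]) + data[1:4] + struct.pack(other_prefix + "III", *fields)


def build_fixed_header(endian_flag: int, msg_type: int, serial: int,
                       body_len: int = 0, fields_len: int = 0, flags: int = 0) -> bytes:
    """Encode a fixed header in the requested byte order (used to build sample input)."""
    prefix = _struct_prefix(endian_flag)
    return (bytes([endian_flag, msg_type, flags, PROTOCOL_VERSION])
            + struct.pack(prefix + "III", body_len, serial, fields_len))


# Constructed samples (not captured traffic): a METHOD_CALL, serial 1, with a
# 5-byte header-field array, once in each byte order.
LE_SAMPLE = build_fixed_header(LITTLE_ENDIAN, 1, serial=1, fields_len=5)
BE_SAMPLE = build_fixed_header(BIG_ENDIAN, 1, serial=1, fields_len=5)

if __name__ == "__main__":
    for sample in (LE_SAMPLE, BE_SAMPLE):
        print(sample.hex(), parse_fixed_header(sample))
    print("swapped LE == BE:", byteswap_fixed_header(LE_SAMPLE) == BE_SAMPLE)
```

The two samples decode to the same values even though their UINT32 fields are stored in mirrored byte orders, and swapping the little-endian header yields the big-endian one byte for byte. The length checks run before any field is used, which is the property a receiver needs whatever byte order the sender chose.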
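The advisory notes that the fix takes effect only after dbus-daemon and every libdbus user is restarted. A process that loaded the old library keeps the now-replaced file mapped, and the kernel marks such mappings "(deleted)" in /proc/<pid>/maps, which gives a direct check for what still needs restarting. The following is an added example for this page, not Red Hat tooling: it parses maps output for stale libdbus-1 mappings and walks /proc for a live host. The maps excerpts are constructed, and the function names are this example's own.

```python
"""Find processes still running with a pre-update libdbus-1 mapped.

After the updated dbus packages are installed, a process that loaded the old
libdbus-1 keeps the unlinked file mapped; /proc/<pid>/maps shows that mapping
with a "(deleted)" suffix.  Such processes, dbus-daemon included, are not
fixed until restarted.
"""
import os
import re

# Matches the libdbus-1 shared object in a maps path, e.g. /lib64/libdbus-1.so.3.4.0
LIBDBUS_RE = re.compile(r"/libdbus-1\.so(?:\.\d+)*")
DELETED = " (deleted)"


def stale_libdbus_paths(maps_text: str) -> set:
    """Return the libdbus-1 paths mapped from deleted files in one maps dump."""
    stale = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)   # addr perms offset dev inode [pathname]
        if len(parts) < 6:
            continue                  # anonymous mapping, no path
        path = parts[5]
        if path.endswith(DELETED) and LIBDBUS_RE.search(path):
            stale.add(path[: -len(DELETED)])
    return stale


def scan_processes(proc_root: str = "/proc") -> dict:
    """Map pid -> stale libdbus-1 paths for each readable process (root sees all)."""
    result = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_libdbus_paths(fh.read())
        except OSError:
            continue                  # process exited or maps not readable
        if stale:
            result[int(entry)] = stale
    return result


# Constructed maps excerpts (not taken from a real host): one process still
# mapping the replaced library, and the same process after a restart.
STALE_MAPS = """\
7f3a2c000000-7f3a2c04b000 r-xp 00000000 fd:00 1310735   /lib64/libdbus-1.so.3.4.0 (deleted)
7f3a2c04b000-7f3a2c24a000 ---p 0004b000 fd:00 1310735   /lib64/libdbus-1.so.3.4.0 (deleted)
7f3a2c400000-7f3a2c5b0000 r-xp 00000000 fd:00 1310001   /lib64/libc-2.12.so
7fff1a000000-7fff1a021000 rw-p 00000000 00:00 0         [stack]
"""
FRESH_MAPS = STALE_MAPS.replace(DELETED, "")

if __name__ == "__main__":
    for pid, paths in sorted(scan_processes().items()):
        print(pid, ", ".join(sorted(paths)))
```

Run as root after the update and restart (or reboot) until the scan returns nothing; lsof reports the same stale mappings with type DEL. Only processes the caller may read are covered, so an unprivileged run understates the list.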
Original Source

URL: https://rhn.redhat.com/errata/RHSA-2011-1132.html
CWE: Common Weakness Enumeration

| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13734

| Field | Value |
|---|---|
| Oval ID | oval:org.mitre.oval:def:13734 |
| Title | USN-1176-1 -- dbus vulnerability |
| Description | dbus: simple interprocess messaging system. DBus could be made to crash if it processed a specially crafted message. |
| Family | unix |
| Class | patch |
| Reference(s) | USN-1176-1, CVE-2011-2200 |
| Version | 5 |
| Platform(s) | Ubuntu 11.04, Ubuntu 8.04, Ubuntu 10.04, Ubuntu 10.10 |
| Product(s) | dbus |

Definition Id: oval:org.mitre.oval:def:22095

| Field | Value |
|---|---|
| Oval ID | oval:org.mitre.oval:def:22095 |
| Title | RHSA-2011:1132: dbus security update (Moderate) |
| Description | The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. |
| Family | unix |
| Class | patch |
| Reference(s) | RHSA-2011:1132-01, CESA-2011:1132, CVE-2011-2200 |
| Version | 4 |
| Platform(s) | Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6 |
| Product(s) | dbus |

Definition Id: oval:org.mitre.oval:def:22942

| Field | Value |
|---|---|
| Oval ID | oval:org.mitre.oval:def:22942 |
| Title | DEPRECATED: ELSA-2011:1132: dbus security update (Moderate) |
| Description | The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. |
| Family | unix |
| Class | patch |
| Reference(s) | ELSA-2011:1132-01, CVE-2011-2200 |
| Version | 7 |
| Platform(s) | Oracle Linux 6, Oracle Linux 5 |
| Product(s) | dbus |

Definition Id: oval:org.mitre.oval:def:23558

| Field | Value |
|---|---|
| Oval ID | oval:org.mitre.oval:def:23558 |
| Title | ELSA-2011:1132: dbus security update (Moderate) |
| Description | The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. |
| Family | unix |
| Class | patch |
| Reference(s) | ELSA-2011:1132-01, CVE-2011-2200 |
| Version | 6 |
| Platform(s) | Oracle Linux 6, Oracle Linux 5 |
| Product(s) | dbus |

Definition Id: oval:org.mitre.oval:def:28132

| Field | Value |
|---|---|
| Oval ID | oval:org.mitre.oval:def:28132 |
| Title | DEPRECATED: ELSA-2011-1132 -- dbus security update (moderate) |
| Description | [1:1.2.24-5] - Merge changes from RHEL-6 branch: * Drop default patch fuzz * Merge CVE-2010-4352.patch from RHEL-6_0-Z - Apply patches for CVE-2011-2200 - Resolves: #725313 |
| Family | unix |
| Class | patch |
| Reference(s) | ELSA-2011-1132, CVE-2011-2200 |
| Version | 4 |
| Platform(s) | Oracle Linux 5, Oracle Linux 6 |
| Product(s) | dbus |
CPE: Common Platform Enumeration
OpenVAS Exploits

| Date | Name | File |
|---|---|---|
| 2012-07-30 | CentOS Update for dbus CESA-2011:1132 centos5 x86_64 | nvt/gb_CESA-2011_1132_dbus_centos5_x86_64.nasl |
| 2012-02-12 | Gentoo Security Advisory GLSA 201110-14 (D-Bus) | nvt/glsa_201110_14.nasl |
| 2011-09-23 | CentOS Update for dbus CESA-2011:1132 centos5 i386 | nvt/gb_CESA-2011_1132_dbus_centos5_i386.nasl |
| 2011-08-18 | Fedora Update for dbus FEDORA-2011-9817 | nvt/gb_fedora_2011_9817_dbus_fc14.nasl |
| 2011-08-12 | RedHat Update for dbus RHSA-2011:1132-01 | nvt/gb_RHSA-2011_1132-01_dbus.nasl |
| 2011-08-12 | Fedora Update for dbus FEDORA-2011-9891 | nvt/gb_fedora_2011_9891_dbus_fc15.nasl |
| 2011-08-02 | Ubuntu Update for dbus USN-1176-1 | nvt/gb_ubuntu_USN_1176_1.nasl |
Open Source Vulnerability Database (OSVDB)

| Id | Description |
|---|---|
| 72896 | D-Bus dbus-marshal-header.c _dbus_header_byteswap Function Message Byte Order... |
Nessus® Vulnerability Scanner

| Date | Name | File | Type |
|---|---|---|---|
| 2014-06-13 | The remote openSUSE host is missing a security update. | suse_11_3_dbus-1-110805.nasl | ACT_GATHER_INFO |
| 2014-06-13 | The remote openSUSE host is missing a security update. | suse_11_4_dbus-1-110805.nasl | ACT_GATHER_INFO |
| 2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2011-1132.nasl | ACT_GATHER_INFO |
| 2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20110809_dbus_on_SL5_x.nasl | ACT_GATHER_INFO |
| 2011-12-13 | The remote SuSE 10 host is missing a security-related patch. | suse_dbus-1-7592.nasl | ACT_GATHER_INFO |
| 2011-10-24 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201110-14.nasl | ACT_GATHER_INFO |
| 2011-09-23 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2011-1132.nasl | ACT_GATHER_INFO |
| 2011-08-15 | The remote Fedora host is missing a security update. | fedora_2011-9817.nasl | ACT_GATHER_INFO |
| 2011-08-10 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2011-1132.nasl | ACT_GATHER_INFO |
| 2011-08-02 | The remote Fedora host is missing a security update. | fedora_2011-9891.nasl | ACT_GATHER_INFO |
| 2011-07-27 | The remote Ubuntu host is missing a security-related patch. | ubuntu_USN-1176-1.nasl | ACT_GATHER_INFO |
| 2011-07-13 | The remote SuSE 11 host is missing one or more security updates. | suse_11_dbus-1-110628.nasl | ACT_GATHER_INFO |
| 2011-07-13 | The remote SuSE 10 host is missing a security-related patch. | suse_dbus-1-7593.nasl | ACT_GATHER_INFO |
Alert History

| Date | Information |
|---|---|
| 2014-02-17 11:54:58 | |