Scientific Linux Security Update : dbus-glib on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

It was discovered that dbus-glib did not enforce the 'access' flag on
exported GObject properties. If such a property were read/write
internally but specified as read-only externally, a malicious, local
user could use this flaw to modify that property of an application.
Such a change could impact the application's behavior (for example, if
an IP address were changed the network may not come up properly after
reboot) and possibly lead to a denial of service. (CVE-2010-1172)

Due to the way dbus-glib translates an application's XML definitions
of service interfaces and properties into C code at application build
time, applications built against dbus-glib that use read-only
properties needed to be rebuilt to fully fix the flaw. As such, this
update provides NetworkManager packages that have been rebuilt against
the updated dbus-glib packages. No other applications shipped with
Scientific Linux 5 were affected.

Running instances of NetworkManager must be restarted (service
NetworkManager restart) for this update to take effect.

See also :

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.6

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60833 ()

Bugtraq ID:

CVE ID: CVE-2010-1172