CVE-2009-1189

low

Description

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

References

http://bugs.freedesktop.org/show_bug.cgi?id=17803

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://secunia.com/advisories/32127

http://secunia.com/advisories/35810

http://secunia.com/advisories/38794

http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a

http://www.openwall.com/lists/oss-security/2009/04/16/13

http://www.securityfocus.com/bid/31602

http://www.vupen.com/english/advisories/2010/0528

https://exchange.xforce.ibmcloud.com/vulnerabilities/50385

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308

https://rhn.redhat.com/errata/RHSA-2010-0095.html

https://usn.ubuntu.com/799-1/

Details

Source: MITRE

Published: 2009-04-27

Updated: 2018-10-03

Type: CWE-20

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* versions up to 1.2.3 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89737 | VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check) | Nessus | VMware ESX Local Security Checks | high |
| 67981 | Oracle Linux 5 : dbus (ELSA-2010-0018) | Nessus | Oracle Linux Local Security Checks | low |
| 60715 | Scientific Linux Security Update : dbus on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | low |
| 57177 | SuSE 10 Security Update : dbus (ZYPP Patch Number 7482) | Nessus | SuSE Local Security Checks | low |
| 53590 | SuSE 10 Security Update : dbus (ZYPP Patch Number 7483) | Nessus | SuSE Local Security Checks | low |
| 53587 | SuSE 11.1 Security Update : dbus (SAT Patch Number 4434) | Nessus | SuSE Local Security Checks | low |
| 44993 | VMSA-2010-0004 : ESX Service Console and vMA third-party updates | Nessus | VMware ESX Local Security Checks | high |
| 44702 | Debian DSA-1837-1 : dbus - programming error | Nessus | Debian Local Security Checks | low |
| 43819 | RHEL 5 : dbus (RHSA-2010:0018) | Nessus | Red Hat Local Security Checks | low |
| 43817 | CentOS 5 : dbus (CESA-2010:0018) | Nessus | CentOS Local Security Checks | low |
| 42046 | Mandriva Linux Security Advisory : dbus (MDVSA-2009:256-1) | Nessus | Mandriva Local Security Checks | low |
| 39786 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : dbus vulnerability (USN-799-1) | Nessus | Ubuntu Local Security Checks | low |