NewStart CGSL MAIN 6.06 : dbus Multiple Vulnerabilities (NS-SA-2025-0231)

Severity: High, Nessus Plugin ID 266270

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has dbus packages installed that are affected by multiple vulnerabilities:

- dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)

- libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus. (CVE-2012-3524)

- Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). (CVE-2006-6107)

- dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. (CVE-2008-0595)

- The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. (CVE-2009-1189)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL dbus packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0231

https://security.gd-linux.com/info/CVE-2006-6107

https://security.gd-linux.com/info/CVE-2008-0595

https://security.gd-linux.com/info/CVE-2009-1189

https://security.gd-linux.com/info/CVE-2012-3524

https://security.gd-linux.com/info/CVE-2013-2168

https://security.gd-linux.com/info/CVE-2014-3477

https://security.gd-linux.com/info/CVE-2014-3533

https://security.gd-linux.com/info/CVE-2014-3635

https://security.gd-linux.com/info/CVE-2014-3636

https://security.gd-linux.com/info/CVE-2014-3637

https://security.gd-linux.com/info/CVE-2014-3638

https://security.gd-linux.com/info/CVE-2014-3639

https://security.gd-linux.com/info/CVE-2014-7824

https://security.gd-linux.com/info/CVE-2015-0245

https://security.gd-linux.com/info/CVE-2019-12749

https://security.gd-linux.com/info/CVE-2020-12049

Plugin Details

Severity: High

ID: 266270

File Name: newstart_cgsl_NS-SA-2025-0231_dbus.nasl

Version: 1.1

Type: local

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-3524

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2019-12749

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:dbus, p-cpe:/a:zte:cgsl_main:dbus-daemon, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:dbus-libs, p-cpe:/a:zte:cgsl_main:dbus-common, p-cpe:/a:zte:cgsl_main:dbus-tools

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 12/13/2006

Reference Information

CVE: CVE-2006-6107, CVE-2008-0595, CVE-2009-1189, CVE-2012-3524, CVE-2013-2168, CVE-2014-3477, CVE-2014-3533, CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824, CVE-2015-0245, CVE-2019-12749, CVE-2020-12049