Detections
Analytics
Mandriva Linux Security Advisory : dbus (MDVSA-2008:054)
medium Nessus Plugin ID 36700
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A vulnerability was discovered by Havoc Pennington in how the dbus-daemon applied its security policy. A user with the ability to connect to the dbus-daemon could possibly execute certain method calls that they should not normally have access to.The updated packages have been patched to correct these issues.
Users will have to reboot the system once these packages have been installed in order to prevent problems due to service dependencies on the messagebus service.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 36700
File Name: mandriva_MDVSA-2008-054.nasl
Version: 1.14
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.3
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:dbus, p-cpe:/a:mandriva:linux:dbus-x11, p-cpe:/a:mandriva:linux:lib64dbus-1_3, p-cpe:/a:mandriva:linux:lib64dbus-1_3-devel, p-cpe:/a:mandriva:linux:libdbus-1_3, p-cpe:/a:mandriva:linux:libdbus-1_3-devel, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 2/28/2008
Reference Information
CVE: CVE-2008-0595
CWE: 264
MDVSA: 2008:054