D/Bus
===========================================================
Ubuntu Security Notice USN-653-1 October 14, 2008
dbus vulnerabilities
CVE-2008-0595, CVE-2008-3834
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: D-Bus: Multiple vulnerabilities
Date: October 21, 2011
Bugs: #348766, #371261, #372743
ID: 201110-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: D-Bus: Denial of Service
Date: January 11, 2009
Bugs: #240308
ID: 200901-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
necessary changes.
Details follow:
It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus requests. A local user could perform dbus
queries to view other users' network connection passwords and pre-shared keys.
(CVE-2009-0365)
It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus modify and delete requests. A local user
Mandriva Linux Security Advisory MDVSA-2009:256-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dbus
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:256
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dbus
Date : October 6, 2009
Affected: 2008.1, 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-2149-1 security@debian.org
http://www.debian.org/security/ Nico Golde
January 20, 2011 http://www.debian.org/security/faq
- ---------------------------------------------------------------------------
Package : dbus
Vulnerability : denial of service
Problem type : local
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-4352
Mandriva Linux Security Advisory MDVSA-2008:213
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dbus
Date : October 15, 2008
Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-1658-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
October 22, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : dbus
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-3834
Debian Bug : 501443
===========================================================
Ubuntu Security Notice USN-1044-1 January 18, 2011
dbus vulnerability
CVE-2010-4352
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.10
1. Summary
ESX Service Console updates for newt, nfs-utils, and glib2 packages.
vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id,
device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl,
bind, expat, openssh, ntp and kernel packages.
2. Relevant releases
VMware ESX 4.0.0 without patch ESX400-201002404-SG, ESX400-201002407-SG,
===========================================================
Ubuntu Security Notice USN-799-1 July 13, 2009
dbus vulnerability
CVE-2009-1189
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Debian Security Advisory DSA-1837-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
July 18, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : dbus
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-1189
Debian Bug : 532720
Debian Security Advisory DSA-1599-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
June 26, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : dbus
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-0595
or 802.1x networks. A remote attacker could use this flaw to spoof the
identity of a wireless network and view sensitive information.
(CVE-2009-4144)
It was discovered that the connection editor GUI would incorrectly export
objects over D-Bus. A local user could read D-Bus signals to view other
users' network connection passwords and pre-shared keys. (CVE-2009-4145)
Updated packages for Ubuntu 8.10:
necessary changes.
Details follow:
Emanuele Aina discovered that Avahi did not properly validate its input when
processing data over D-Bus. A local attacker could send an empty TXT message
via D-Bus and cause a denial of service (failed assertion). This issue only
affected Ubuntu 6.06 LTS. (CVE-2007-3372)
Hugo Dias discovered that Avahi did not properly verify its input when
processing mDNS packets. A remote attacker could send a crafted mDNS packet
USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory
provides the corresponding updates for NetworkManager.
It was discovered that NetworkManager did not properly enforce permissions when
responding to dbus requests. A local user could perform dbus queries to view
system and user network connection passwords and pre-shared keys.
Updated packages for Ubuntu 6.06 LTS:
Rating: Minor
Exposure Level Classification:
Local System User Deterministic Privilege Escalation
Updated Versions:
dbus=conary.rpath.com@rpl:1/0.50-2.4-1
dbus-glib=conary.rpath.com@rpl:1/0.50-2.4-1
dbus-qt=conary.rpath.com@rpl:1/0.50-2.4-1
dbus-x11=conary.rpath.com@rpl:1/0.50-2.4-1
rPath Issue Tracking System:
Debian-specific: no
CVE Id : CVE-2009-0365
Debian Bug : 519801
It was discovered that network-manager-applet, a network management
framework, lacks some dbus restriction rules, which allows local users
to obtain sensitive information.
If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf
file, then please make sure that you merge the changes from this fix
when asked during upgrade.
Hugo Dias discovered that the avahi daemon aborts with an assert error
if it encounters a UDP packet with source port 0 (CVE-2008-5081).
It was discovered that the avahi daemon aborts with an assert error if
it receives an empty TXT record over D-Bus (CVE-2007-3372).
For the stable distribution (etch), these problems have been fixed in
version 0.6.16-3etch2.
For the unstable distribution (sid), these problems have been fixed in
Problem Description:
An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used in the Bluez bluetooth utilities.
A bluetooth device with an already-trusted relationship, or a local
user registering a service record via a UNIX socket or D-Bus interface,
could cause a crash and potentially execute arbitrary code with the
privileges of the hcid daemon (CVE-2008-2374).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
_______________________________________________________________________
Problem Description:
The Avahi daemon in 0.6.20 and previous allows attackers to cause a
denial of service via empty TXT data over D-Bus, which triggers an
assert error.
Updated packages have been patched to prevent this issue.
_______________________________________________________________________
Software Description:
- language-selector: Language selector for Ubuntu Linux
Details:
Romain Perier discovered that the language-selector D-Bus backend did not
correctly check for Policy Kit authorizations. A local attacker could exploit
this to inject shell commands into the system-wide locale configuration file,
leading to root privilege escalation.
Update instructions:
A physically proximate attacker using a Bluetooth device with an
already established trust relationship could send specially crafted
requests, possibly leading to arbitrary code execution or a crash.
Exploitation may also be triggered by a local attacker registering a
service record via a UNIX socket or D-Bus interface.
Workaround
==========
There is no known workaround at this time.
B. Security Updates adopted from Ubuntu
- ---------------------------------------
All Ubuntu Security Updates released since the last UPR-release until
20081202 are installed:
alacarte base-files dbus dbus-x11 firefox firefox-3.0
firefox-3.0-gnome-support firefox-gnome-support foo2zjs hpijs hplip
hplip-data libdbus-1-3 libgnutls13 libsmbclient libxml2 libxml2-utils
linux-restricted-modules-common login logrotate module-init-tools
openoffice.org-base-core openoffice.org-calc openoffice.org-common
openoffice.org-core openoffice.org-draw openoffice.org-gnome
In general, a standard system update will make all the necessary changes.
Details follow:
Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain
arguments when using its D-Bus interface. A local attacker could use this
flaw to bypass security restrictions and view sensitive information by
reading arbitrary files.
Updated packages for Ubuntu 10.10:
Mandriva Linux Security Advisory MDVSA-2008:054
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dbus
Date : February 28, 2008
Affected: 2007.0, 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
 # Package         /  Vulnerable  /  Unaffected
 ----------------------------------------------
 1 net-misc/wicd      < 1.5.9         >= 1.5.9
Description
===========
Tiziano Mueller of Gentoo discovered that the DBus configuration file
for Wicd allows arbitrary users to own the org.wicd.daemon object.
Impact
======