csaf_opensuse - opensuse-su-2024:10711-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

dbus-1-1.12.20-5.5 on GA media

Notes

Title of the patch

dbus-1-1.12.20-5.5 on GA media

Description of the patch

These are all security issues fixed in the dbus-1-1.12.20-5.5 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10711

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "dbus-1-1.12.20-5.5 on GA media",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "These are all security issues fixed in the dbus-1-1.12.20-5.5 package on the GA media of openSUSE Tumbleweed.",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-Tumbleweed-2024-10711",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10711-1.json",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2006-6107 page",
            url: "https://www.suse.com/security/cve/CVE-2006-6107/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2008-0595 page",
            url: "https://www.suse.com/security/cve/CVE-2008-0595/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2008-3834 page",
            url: "https://www.suse.com/security/cve/CVE-2008-3834/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2008-4311 page",
            url: "https://www.suse.com/security/cve/CVE-2008-4311/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2019-12749 page",
            url: "https://www.suse.com/security/cve/CVE-2019-12749/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-12049 page",
            url: "https://www.suse.com/security/cve/CVE-2020-12049/",
         },
      ],
      title: "dbus-1-1.12.20-5.5 on GA media",
      tracking: {
         current_release_date: "2024-06-15T00:00:00Z",
         generator: {
            date: "2024-06-15T00:00:00Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2024:10711-1",
         initial_release_date: "2024-06-15T00:00:00Z",
         revision_history: [
            {
               date: "2024-06-15T00:00:00Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "dbus-1-1.12.20-5.5.aarch64",
                        product: {
                           name: "dbus-1-1.12.20-5.5.aarch64",
                           product_id: "dbus-1-1.12.20-5.5.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dbus-1-devel-1.12.20-5.5.aarch64",
                        product: {
                           name: "dbus-1-devel-1.12.20-5.5.aarch64",
                           product_id: "dbus-1-devel-1.12.20-5.5.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                        product: {
                           name: "dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                           product_id: "dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libdbus-1-3-1.12.20-5.5.aarch64",
                        product: {
                           name: "libdbus-1-3-1.12.20-5.5.aarch64",
                           product_id: "libdbus-1-3-1.12.20-5.5.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                        product: {
                           name: "libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                           product_id: "libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "dbus-1-1.12.20-5.5.ppc64le",
                        product: {
                           name: "dbus-1-1.12.20-5.5.ppc64le",
                           product_id: "dbus-1-1.12.20-5.5.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dbus-1-devel-1.12.20-5.5.ppc64le",
                        product: {
                           name: "dbus-1-devel-1.12.20-5.5.ppc64le",
                           product_id: "dbus-1-devel-1.12.20-5.5.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                        product: {
                           name: "dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                           product_id: "dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libdbus-1-3-1.12.20-5.5.ppc64le",
                        product: {
                           name: "libdbus-1-3-1.12.20-5.5.ppc64le",
                           product_id: "libdbus-1-3-1.12.20-5.5.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                        product: {
                           name: "libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                           product_id: "libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "dbus-1-1.12.20-5.5.s390x",
                        product: {
                           name: "dbus-1-1.12.20-5.5.s390x",
                           product_id: "dbus-1-1.12.20-5.5.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dbus-1-devel-1.12.20-5.5.s390x",
                        product: {
                           name: "dbus-1-devel-1.12.20-5.5.s390x",
                           product_id: "dbus-1-devel-1.12.20-5.5.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dbus-1-devel-32bit-1.12.20-5.5.s390x",
                        product: {
                           name: "dbus-1-devel-32bit-1.12.20-5.5.s390x",
                           product_id: "dbus-1-devel-32bit-1.12.20-5.5.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libdbus-1-3-1.12.20-5.5.s390x",
                        product: {
                           name: "libdbus-1-3-1.12.20-5.5.s390x",
                           product_id: "libdbus-1-3-1.12.20-5.5.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libdbus-1-3-32bit-1.12.20-5.5.s390x",
                        product: {
                           name: "libdbus-1-3-32bit-1.12.20-5.5.s390x",
                           product_id: "libdbus-1-3-32bit-1.12.20-5.5.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "dbus-1-1.12.20-5.5.x86_64",
                        product: {
                           name: "dbus-1-1.12.20-5.5.x86_64",
                           product_id: "dbus-1-1.12.20-5.5.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dbus-1-devel-1.12.20-5.5.x86_64",
                        product: {
                           name: "dbus-1-devel-1.12.20-5.5.x86_64",
                           product_id: "dbus-1-devel-1.12.20-5.5.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                        product: {
                           name: "dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                           product_id: "dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libdbus-1-3-1.12.20-5.5.x86_64",
                        product: {
                           name: "libdbus-1-3-1.12.20-5.5.x86_64",
                           product_id: "libdbus-1-3-1.12.20-5.5.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libdbus-1-3-32bit-1.12.20-5.5.x86_64",
                        product: {
                           name: "libdbus-1-3-32bit-1.12.20-5.5.x86_64",
                           product_id: "libdbus-1-3-32bit-1.12.20-5.5.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "openSUSE Tumbleweed",
                        product: {
                           name: "openSUSE Tumbleweed",
                           product_id: "openSUSE Tumbleweed",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:tumbleweed",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-1.12.20-5.5.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
            },
            product_reference: "dbus-1-1.12.20-5.5.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-1.12.20-5.5.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
            },
            product_reference: "dbus-1-1.12.20-5.5.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-1.12.20-5.5.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
            },
            product_reference: "dbus-1-1.12.20-5.5.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-1.12.20-5.5.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
            },
            product_reference: "dbus-1-1.12.20-5.5.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-devel-1.12.20-5.5.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
            },
            product_reference: "dbus-1-devel-1.12.20-5.5.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-devel-1.12.20-5.5.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
            },
            product_reference: "dbus-1-devel-1.12.20-5.5.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-devel-1.12.20-5.5.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
            },
            product_reference: "dbus-1-devel-1.12.20-5.5.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-devel-1.12.20-5.5.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
            },
            product_reference: "dbus-1-devel-1.12.20-5.5.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-devel-32bit-1.12.20-5.5.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
            },
            product_reference: "dbus-1-devel-32bit-1.12.20-5.5.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-devel-32bit-1.12.20-5.5.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
            },
            product_reference: "dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-devel-32bit-1.12.20-5.5.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
            },
            product_reference: "dbus-1-devel-32bit-1.12.20-5.5.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "dbus-1-devel-32bit-1.12.20-5.5.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
            },
            product_reference: "dbus-1-devel-32bit-1.12.20-5.5.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libdbus-1-3-1.12.20-5.5.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
            },
            product_reference: "libdbus-1-3-1.12.20-5.5.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libdbus-1-3-1.12.20-5.5.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
            },
            product_reference: "libdbus-1-3-1.12.20-5.5.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libdbus-1-3-1.12.20-5.5.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
            },
            product_reference: "libdbus-1-3-1.12.20-5.5.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libdbus-1-3-1.12.20-5.5.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
            },
            product_reference: "libdbus-1-3-1.12.20-5.5.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libdbus-1-3-32bit-1.12.20-5.5.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
            },
            product_reference: "libdbus-1-3-32bit-1.12.20-5.5.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libdbus-1-3-32bit-1.12.20-5.5.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
            },
            product_reference: "libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libdbus-1-3-32bit-1.12.20-5.5.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
            },
            product_reference: "libdbus-1-3-32bit-1.12.20-5.5.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libdbus-1-3-32bit-1.12.20-5.5.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
            },
            product_reference: "libdbus-1-3-32bit-1.12.20-5.5.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2006-6107",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2006-6107",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2006-6107",
               url: "https://www.suse.com/security/cve/CVE-2006-6107",
            },
            {
               category: "external",
               summary: "SUSE Bug 224811 for CVE-2006-6107",
               url: "https://bugzilla.suse.com/224811",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "low",
            },
         ],
         title: "CVE-2006-6107",
      },
      {
         cve: "CVE-2008-0595",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2008-0595",
            },
         ],
         notes: [
            {
               category: "general",
               text: "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2008-0595",
               url: "https://www.suse.com/security/cve/CVE-2008-0595",
            },
            {
               category: "external",
               summary: "SUSE Bug 364532 for CVE-2008-0595",
               url: "https://bugzilla.suse.com/364532",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "moderate",
            },
         ],
         title: "CVE-2008-0595",
      },
      {
         cve: "CVE-2008-3834",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2008-3834",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2008-3834",
               url: "https://www.suse.com/security/cve/CVE-2008-3834",
            },
            {
               category: "external",
               summary: "SUSE Bug 432901 for CVE-2008-3834",
               url: "https://bugzilla.suse.com/432901",
            },
            {
               category: "external",
               summary: "SUSE Bug 495804 for CVE-2008-3834",
               url: "https://bugzilla.suse.com/495804",
            },
            {
               category: "external",
               summary: "SUSE Bug 659934 for CVE-2008-3834",
               url: "https://bugzilla.suse.com/659934",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "moderate",
            },
         ],
         title: "CVE-2008-3834",
      },
      {
         cve: "CVE-2008-4311",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2008-4311",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2008-4311",
               url: "https://www.suse.com/security/cve/CVE-2008-4311",
            },
            {
               category: "external",
               summary: "SUSE Bug 443307 for CVE-2008-4311",
               url: "https://bugzilla.suse.com/443307",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "moderate",
            },
         ],
         title: "CVE-2008-4311",
      },
      {
         cve: "CVE-2019-12749",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2019-12749",
            },
         ],
         notes: [
            {
               category: "general",
               text: "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2019-12749",
               url: "https://www.suse.com/security/cve/CVE-2019-12749",
            },
            {
               category: "external",
               summary: "SUSE Bug 1137832 for CVE-2019-12749",
               url: "https://bugzilla.suse.com/1137832",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
               products: [
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "important",
            },
         ],
         title: "CVE-2019-12749",
      },
      {
         cve: "CVE-2020-12049",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-12049",
            },
         ],
         notes: [
            {
               category: "general",
               text: "An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
               "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-12049",
               url: "https://www.suse.com/security/cve/CVE-2020-12049",
            },
            {
               category: "external",
               summary: "SUSE Bug 1172505 for CVE-2020-12049",
               url: "https://bugzilla.suse.com/1172505",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:dbus-1-devel-32bit-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-1.12.20-5.5.x86_64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.aarch64",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.ppc64le",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.s390x",
                  "openSUSE Tumbleweed:libdbus-1-3-32bit-1.12.20-5.5.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "moderate",
            },
         ],
         title: "CVE-2020-12049",
      },
   ],
}

cve-2008-3834

Vulnerability from cvelistv5

Published

2008-10-07 19:00

Modified

2024-08-07 09:53

Severity ?

Summary

The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

References

▼	URL	Tags
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:213	vendor-advisory, x_refsource_MANDRIVA
	http://www.debian.org/security/2008/dsa-1658	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/31602	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html	vendor-advisory, x_refsource_SUSE
	https://bugs.freedesktop.org/show_bug.cgi?id=17803	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1021063	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/45701	vdb-entry, x_refsource_XF
	https://www.exploit-db.com/exploits/7822	exploit, x_refsource_EXPLOIT-DB
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834	x_refsource_CONFIRM
	http://secunia.com/advisories/32385	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/32281	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html	vendor-advisory, x_refsource_FEDORA
	http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a	x_refsource_CONFIRM
	http://secunia.com/advisories/32230	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253	vdb-entry, signature, x_refsource_OVAL
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/2762	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/33396	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/32127	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2009-0008.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/usn-653-1	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T09:53:00.382Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "MDVSA-2008:213",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213",
               },
               {
                  name: "DSA-1658",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1658",
               },
               {
                  name: "31602",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/31602",
               },
               {
                  name: "openSUSE-SU-2012:1418",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.freedesktop.org/show_bug.cgi?id=17803",
               },
               {
                  name: "1021063",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1021063",
               },
               {
                  name: "dbus-dbusvalidatesignaturewithreason-dos(45701)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701",
               },
               {
                  name: "7822",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/7822",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834",
               },
               {
                  name: "32385",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32385",
               },
               {
                  name: "SUSE-SR:2008:027",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html",
               },
               {
                  name: "32281",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32281",
               },
               {
                  name: "FEDORA-2008-8764",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a",
               },
               {
                  name: "32230",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32230",
               },
               {
                  name: "oval:org.mitre.oval:def:10253",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
               },
               {
                  name: "ADV-2008-2762",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2762",
               },
               {
                  name: "33396",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/33396",
               },
               {
                  name: "32127",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32127",
               },
               {
                  name: "RHSA-2009:0008",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2009-0008.html",
               },
               {
                  name: "USN-653-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-653-1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "MDVSA-2008:213",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213",
            },
            {
               name: "DSA-1658",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1658",
            },
            {
               name: "31602",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/31602",
            },
            {
               name: "openSUSE-SU-2012:1418",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.freedesktop.org/show_bug.cgi?id=17803",
            },
            {
               name: "1021063",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1021063",
            },
            {
               name: "dbus-dbusvalidatesignaturewithreason-dos(45701)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701",
            },
            {
               name: "7822",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/7822",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834",
            },
            {
               name: "32385",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32385",
            },
            {
               name: "SUSE-SR:2008:027",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html",
            },
            {
               name: "32281",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32281",
            },
            {
               name: "FEDORA-2008-8764",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a",
            },
            {
               name: "32230",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32230",
            },
            {
               name: "oval:org.mitre.oval:def:10253",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
            },
            {
               name: "ADV-2008-2762",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2762",
            },
            {
               name: "33396",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/33396",
            },
            {
               name: "32127",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32127",
            },
            {
               name: "RHSA-2009:0008",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2009-0008.html",
            },
            {
               name: "USN-653-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-653-1",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2008-3834",
      datePublished: "2008-10-07T19:00:00",
      dateReserved: "2008-08-27T00:00:00",
      dateUpdated: "2024-08-07T09:53:00.382Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-0595

Vulnerability from cvelistv5

Published

2008-02-29 19:00

Modified

2024-08-07 07:54

Severity ?

Summary

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

References

▼	URL	Tags
	http://secunia.com/advisories/29281	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0694	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2008-0159.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html	vendor-advisory, x_refsource_SUSE
	http://lists.freedesktop.org/archives/dbus/2008-February/009401.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/29160	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29148	third-party-advisory, x_refsource_SECUNIA
	http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/29173	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:054	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/29171	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/489280/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353	vdb-entry, signature, x_refsource_OVAL
	http://securitytracker.com/id?1019512	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/32281	third-party-advisory, x_refsource_SECUNIA
	http://wiki.rpath.com/Advisories:rPSA-2008-0099	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2008/dsa-1599	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/29323	third-party-advisory, x_refsource_SECUNIA
	https://issues.rpath.com/browse/RPL-2282	x_refsource_CONFIRM
	http://secunia.com/advisories/30869	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/28023	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/usn-653-1	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T07:54:22.705Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "29281",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29281",
               },
               {
                  name: "ADV-2008-0694",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/0694",
               },
               {
                  name: "RHSA-2008:0159",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0159.html",
               },
               {
                  name: "openSUSE-SU-2012:1418",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
               },
               {
                  name: "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html",
               },
               {
                  name: "29160",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29160",
               },
               {
                  name: "29148",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29148",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/",
               },
               {
                  name: "FEDORA-2008-2043",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html",
               },
               {
                  name: "29173",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29173",
               },
               {
                  name: "MDVSA-2008:054",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054",
               },
               {
                  name: "29171",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29171",
               },
               {
                  name: "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/489280/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099",
               },
               {
                  name: "oval:org.mitre.oval:def:9353",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353",
               },
               {
                  name: "1019512",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1019512",
               },
               {
                  name: "SUSE-SR:2008:006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html",
               },
               {
                  name: "32281",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32281",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://wiki.rpath.com/Advisories:rPSA-2008-0099",
               },
               {
                  name: "FEDORA-2008-2070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html",
               },
               {
                  name: "DSA-1599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1599",
               },
               {
                  name: "29323",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29323",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-2282",
               },
               {
                  name: "30869",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30869",
               },
               {
                  name: "28023",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/28023",
               },
               {
                  name: "USN-653-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-653-1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-02-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-15T20:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "29281",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29281",
            },
            {
               name: "ADV-2008-0694",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/0694",
            },
            {
               name: "RHSA-2008:0159",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0159.html",
            },
            {
               name: "openSUSE-SU-2012:1418",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
            },
            {
               name: "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html",
            },
            {
               name: "29160",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29160",
            },
            {
               name: "29148",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29148",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/",
            },
            {
               name: "FEDORA-2008-2043",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html",
            },
            {
               name: "29173",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29173",
            },
            {
               name: "MDVSA-2008:054",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054",
            },
            {
               name: "29171",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29171",
            },
            {
               name: "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/489280/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099",
            },
            {
               name: "oval:org.mitre.oval:def:9353",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353",
            },
            {
               name: "1019512",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1019512",
            },
            {
               name: "SUSE-SR:2008:006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html",
            },
            {
               name: "32281",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32281",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://wiki.rpath.com/Advisories:rPSA-2008-0099",
            },
            {
               name: "FEDORA-2008-2070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html",
            },
            {
               name: "DSA-1599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1599",
            },
            {
               name: "29323",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29323",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-2282",
            },
            {
               name: "30869",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30869",
            },
            {
               name: "28023",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/28023",
            },
            {
               name: "USN-653-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-653-1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2008-0595",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "29281",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29281",
                  },
                  {
                     name: "ADV-2008-0694",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/0694",
                  },
                  {
                     name: "RHSA-2008:0159",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0159.html",
                  },
                  {
                     name: "openSUSE-SU-2012:1418",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
                  },
                  {
                     name: "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20",
                     refsource: "MLIST",
                     url: "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html",
                  },
                  {
                     name: "29160",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29160",
                  },
                  {
                     name: "29148",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29148",
                  },
                  {
                     name: "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/",
                     refsource: "CONFIRM",
                     url: "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/",
                  },
                  {
                     name: "FEDORA-2008-2043",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html",
                  },
                  {
                     name: "29173",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29173",
                  },
                  {
                     name: "MDVSA-2008:054",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054",
                  },
                  {
                     name: "29171",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29171",
                  },
                  {
                     name: "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/489280/100/0/threaded",
                  },
                  {
                     name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099",
                     refsource: "CONFIRM",
                     url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9353",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353",
                  },
                  {
                     name: "1019512",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1019512",
                  },
                  {
                     name: "SUSE-SR:2008:006",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html",
                  },
                  {
                     name: "32281",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/32281",
                  },
                  {
                     name: "http://wiki.rpath.com/Advisories:rPSA-2008-0099",
                     refsource: "CONFIRM",
                     url: "http://wiki.rpath.com/Advisories:rPSA-2008-0099",
                  },
                  {
                     name: "FEDORA-2008-2070",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html",
                  },
                  {
                     name: "DSA-1599",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2008/dsa-1599",
                  },
                  {
                     name: "29323",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29323",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-2282",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-2282",
                  },
                  {
                     name: "30869",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30869",
                  },
                  {
                     name: "28023",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/28023",
                  },
                  {
                     name: "USN-653-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-653-1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2008-0595",
      datePublished: "2008-02-29T19:00:00",
      dateReserved: "2008-02-05T00:00:00",
      dateUpdated: "2024-08-07T07:54:22.705Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-6107

Vulnerability from cvelistv5

Published

2006-12-14 00:00

Modified

2024-08-07 20:12

Severity ?

Summary

Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).

References

▼	URL	Tags
	http://secunia.com/advisories/23611	third-party-advisory, x_refsource_SECUNIA
	https://bugs.freedesktop.org/show_bug.cgi?id=9142	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/24131	third-party-advisory, x_refsource_SECUNIA
	http://lists.rpath.com/pipermail/security-announce/2007-February/000147.html	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/30874	vdb-entry, x_refsource_XF
	http://www.redhat.com/support/errata/RHSA-2007-0008.html	vendor-advisory, x_refsource_REDHAT
	http://archives.mandrivalinux.com/security-announce/2006-12/msg00025.php	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/23373	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/24059	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9951	vdb-entry, signature, x_refsource_OVAL
	https://issues.rpath.com/browse/RPL-860	x_refsource_CONFIRM
	http://secunia.com/advisories/23390	third-party-advisory, x_refsource_SECUNIA
	http://www.freedesktop.org/wiki/Software/dbus	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-401-1	vendor-advisory, x_refsource_UBUNTU
	http://openpkg.com/go/OpenPKG-SA-2006.041	vendor-advisory, x_refsource_OPENPKG
	http://www.securitytracker.com/id?1017608	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/21571	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2006/4988	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T20:12:31.700Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "23611",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23611",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.freedesktop.org/show_bug.cgi?id=9142",
               },
               {
                  name: "openSUSE-SU-2012:1418",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
               },
               {
                  name: "24131",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24131",
               },
               {
                  name: "[security-announce] 20070209 rPSA-2006-0233-1 dbus dbus-glib dbus-qt dbus-x11",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.rpath.com/pipermail/security-announce/2007-February/000147.html",
               },
               {
                  name: "dbus-matchruleequal-dos(30874)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30874",
               },
               {
                  name: "RHSA-2007:0008",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2007-0008.html",
               },
               {
                  name: "MDKSA-2006:233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://archives.mandrivalinux.com/security-announce/2006-12/msg00025.php",
               },
               {
                  name: "23373",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23373",
               },
               {
                  name: "24059",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24059",
               },
               {
                  name: "oval:org.mitre.oval:def:9951",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9951",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-860",
               },
               {
                  name: "23390",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23390",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.freedesktop.org/wiki/Software/dbus",
               },
               {
                  name: "USN-401-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-401-1",
               },
               {
                  name: "OpenPKG-SA-2006.041",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_OPENPKG",
                     "x_transferred",
                  ],
                  url: "http://openpkg.com/go/OpenPKG-SA-2006.041",
               },
               {
                  name: "1017608",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1017608",
               },
               {
                  name: "21571",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/21571",
               },
               {
                  name: "ADV-2006-4988",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/4988",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-12-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "23611",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23611",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.freedesktop.org/show_bug.cgi?id=9142",
            },
            {
               name: "openSUSE-SU-2012:1418",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
            },
            {
               name: "24131",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24131",
            },
            {
               name: "[security-announce] 20070209 rPSA-2006-0233-1 dbus dbus-glib dbus-qt dbus-x11",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.rpath.com/pipermail/security-announce/2007-February/000147.html",
            },
            {
               name: "dbus-matchruleequal-dos(30874)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30874",
            },
            {
               name: "RHSA-2007:0008",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2007-0008.html",
            },
            {
               name: "MDKSA-2006:233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://archives.mandrivalinux.com/security-announce/2006-12/msg00025.php",
            },
            {
               name: "23373",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23373",
            },
            {
               name: "24059",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24059",
            },
            {
               name: "oval:org.mitre.oval:def:9951",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9951",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-860",
            },
            {
               name: "23390",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23390",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.freedesktop.org/wiki/Software/dbus",
            },
            {
               name: "USN-401-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-401-1",
            },
            {
               name: "OpenPKG-SA-2006.041",
               tags: [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
               ],
               url: "http://openpkg.com/go/OpenPKG-SA-2006.041",
            },
            {
               name: "1017608",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1017608",
            },
            {
               name: "21571",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/21571",
            },
            {
               name: "ADV-2006-4988",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/4988",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2006-6107",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "23611",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23611",
                  },
                  {
                     name: "https://bugs.freedesktop.org/show_bug.cgi?id=9142",
                     refsource: "CONFIRM",
                     url: "https://bugs.freedesktop.org/show_bug.cgi?id=9142",
                  },
                  {
                     name: "openSUSE-SU-2012:1418",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
                  },
                  {
                     name: "24131",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24131",
                  },
                  {
                     name: "[security-announce] 20070209 rPSA-2006-0233-1 dbus dbus-glib dbus-qt dbus-x11",
                     refsource: "MLIST",
                     url: "http://lists.rpath.com/pipermail/security-announce/2007-February/000147.html",
                  },
                  {
                     name: "dbus-matchruleequal-dos(30874)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30874",
                  },
                  {
                     name: "RHSA-2007:0008",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2007-0008.html",
                  },
                  {
                     name: "MDKSA-2006:233",
                     refsource: "MANDRIVA",
                     url: "http://archives.mandrivalinux.com/security-announce/2006-12/msg00025.php",
                  },
                  {
                     name: "23373",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23373",
                  },
                  {
                     name: "24059",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24059",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9951",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9951",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-860",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-860",
                  },
                  {
                     name: "23390",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23390",
                  },
                  {
                     name: "http://www.freedesktop.org/wiki/Software/dbus",
                     refsource: "CONFIRM",
                     url: "http://www.freedesktop.org/wiki/Software/dbus",
                  },
                  {
                     name: "USN-401-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-401-1",
                  },
                  {
                     name: "OpenPKG-SA-2006.041",
                     refsource: "OPENPKG",
                     url: "http://openpkg.com/go/OpenPKG-SA-2006.041",
                  },
                  {
                     name: "1017608",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1017608",
                  },
                  {
                     name: "21571",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/21571",
                  },
                  {
                     name: "ADV-2006-4988",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2006/4988",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2006-6107",
      datePublished: "2006-12-14T00:00:00",
      dateReserved: "2006-11-24T00:00:00",
      dateUpdated: "2024-08-07T20:12:31.700Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-4311

Vulnerability from cvelistv5

Published

2008-12-10 00:00

Modified

2024-08-07 10:08

Severity ?

Summary

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

References

▼	URL	Tags
	https://bugs.freedesktop.org/show_bug.cgi?id=18229	x_refsource_CONFIRM
	http://secunia.com/advisories/33047	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html	vendor-advisory, x_refsource_SUSE
	https://exchange.xforce.ibmcloud.com/vulnerabilities/47138	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/34642	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=474895	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/3355	vdb-entry, x_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html	vendor-advisory, x_refsource_SUSE
	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/33055	third-party-advisory, x_refsource_SECUNIA
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532	x_refsource_CONFIRM
	http://forums.fedoraforum.org/showthread.php?t=206797	x_refsource_CONFIRM
	http://secunia.com/advisories/34360	third-party-advisory, x_refsource_SECUNIA
	http://lists.freedesktop.org/archives/dbus/2008-December/010702.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/32674	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T10:08:35.156Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.freedesktop.org/show_bug.cgi?id=18229",
               },
               {
                  name: "33047",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/33047",
               },
               {
                  name: "openSUSE-SU-2012:1418",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
               },
               {
                  name: "dbus-sendreceive-security-bypass(47138)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138",
               },
               {
                  name: "34642",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/34642",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=474895",
               },
               {
                  name: "ADV-2008-3355",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/3355",
               },
               {
                  name: "SUSE-SR:2009:008",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html",
               },
               {
                  name: "FEDORA-2008-10907",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html",
               },
               {
                  name: "33055",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/33055",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://forums.fedoraforum.org/showthread.php?t=206797",
               },
               {
                  name: "34360",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/34360",
               },
               {
                  name: "[dbus] 20081205 [CVE-2008-4311] DBus 1.2.6",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html",
               },
               {
                  name: "SUSE-SR:2009:009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html",
               },
               {
                  name: "32674",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/32674",
               },
               {
                  name: "SUSE-SA:2009:013",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-12-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.freedesktop.org/show_bug.cgi?id=18229",
            },
            {
               name: "33047",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/33047",
            },
            {
               name: "openSUSE-SU-2012:1418",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html",
            },
            {
               name: "dbus-sendreceive-security-bypass(47138)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138",
            },
            {
               name: "34642",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/34642",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=474895",
            },
            {
               name: "ADV-2008-3355",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/3355",
            },
            {
               name: "SUSE-SR:2009:008",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html",
            },
            {
               name: "FEDORA-2008-10907",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html",
            },
            {
               name: "33055",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/33055",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://forums.fedoraforum.org/showthread.php?t=206797",
            },
            {
               name: "34360",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/34360",
            },
            {
               name: "[dbus] 20081205 [CVE-2008-4311] DBus 1.2.6",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html",
            },
            {
               name: "SUSE-SR:2009:009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html",
            },
            {
               name: "32674",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/32674",
            },
            {
               name: "SUSE-SA:2009:013",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2008-4311",
      datePublished: "2008-12-10T00:00:00",
      dateReserved: "2008-09-29T00:00:00",
      dateUpdated: "2024-08-07T10:08:35.156Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-12049

Vulnerability from cvelistv5

Published

2020-06-08 00:00

Modified

2024-08-04 11:48

Severity ?

Summary

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

References

▼	URL	Tags
	https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
	https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16
	http://www.openwall.com/lists/oss-security/2020/06/04/3
	https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18
	https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30
	https://usn.ubuntu.com/4398-1/	vendor-advisory
	https://usn.ubuntu.com/4398-2/	vendor-advisory
	https://security.gentoo.org/glsa/202007-46	vendor-advisory
	https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak
	http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:48:57.950Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2020/06/04/3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30",
               },
               {
                  name: "USN-4398-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4398-1/",
               },
               {
                  name: "USN-4398-2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4398-2/",
               },
               {
                  name: "GLSA-202007-46",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202007-46",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-12T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294",
            },
            {
               url: "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2020/06/04/3",
            },
            {
               url: "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18",
            },
            {
               url: "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30",
            },
            {
               name: "USN-4398-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/4398-1/",
            },
            {
               name: "USN-4398-2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/4398-2/",
            },
            {
               name: "GLSA-202007-46",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202007-46",
            },
            {
               url: "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak",
            },
            {
               url: "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-12049",
      datePublished: "2020-06-08T00:00:00",
      dateReserved: "2020-04-21T00:00:00",
      dateUpdated: "2024-08-04T11:48:57.950Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-12749

Vulnerability from cvelistv5

Published

2019-06-11 16:11

Modified

2024-12-06 13:09

Severity ?

Summary

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

References

▼	URL	Tags
	https://www.openwall.com/lists/oss-security/2019/06/11/2	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/06/11/2	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4015-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4015-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2019/dsa-4462	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/16	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/108751	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2019:1726	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201909-08	vendor-advisory, x_refsource_GENTOO
	https://access.redhat.com/errata/RHSA-2019:2868	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:2870	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3707	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-12-06T13:09:22.768Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2019/06/11/2",
               },
               {
                  name: "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/06/11/2",
               },
               {
                  name: "USN-4015-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4015-1/",
               },
               {
                  name: "USN-4015-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4015-2/",
               },
               {
                  name: "DSA-4462",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4462",
               },
               {
                  name: "20190613 [SECURITY] [DSA 4462-1] dbus security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Jun/16",
               },
               {
                  name: "108751",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/108751",
               },
               {
                  name: "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html",
               },
               {
                  name: "FEDORA-2019-d5ded5326b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/",
               },
               {
                  name: "openSUSE-SU-2019:1604",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html",
               },
               {
                  name: "openSUSE-SU-2019:1671",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html",
               },
               {
                  name: "RHSA-2019:1726",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1726",
               },
               {
                  name: "openSUSE-SU-2019:1750",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html",
               },
               {
                  name: "GLSA-201909-08",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201909-08",
               },
               {
                  name: "RHSA-2019:2868",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2868",
               },
               {
                  name: "RHSA-2019:2870",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2870",
               },
               {
                  name: "RHSA-2019:3707",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3707",
               },
               {
                  url: "https://security.netapp.com/advisory/ntap-20241206-0010/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-06T00:07:24",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.openwall.com/lists/oss-security/2019/06/11/2",
            },
            {
               name: "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/06/11/2",
            },
            {
               name: "USN-4015-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4015-1/",
            },
            {
               name: "USN-4015-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4015-2/",
            },
            {
               name: "DSA-4462",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4462",
            },
            {
               name: "20190613 [SECURITY] [DSA 4462-1] dbus security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Jun/16",
            },
            {
               name: "108751",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/108751",
            },
            {
               name: "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html",
            },
            {
               name: "FEDORA-2019-d5ded5326b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/",
            },
            {
               name: "openSUSE-SU-2019:1604",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html",
            },
            {
               name: "openSUSE-SU-2019:1671",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html",
            },
            {
               name: "RHSA-2019:1726",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1726",
            },
            {
               name: "openSUSE-SU-2019:1750",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html",
            },
            {
               name: "GLSA-201909-08",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201909-08",
            },
            {
               name: "RHSA-2019:2868",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2868",
            },
            {
               name: "RHSA-2019:2870",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2870",
            },
            {
               name: "RHSA-2019:3707",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3707",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-12749",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.openwall.com/lists/oss-security/2019/06/11/2",
                     refsource: "MISC",
                     url: "https://www.openwall.com/lists/oss-security/2019/06/11/2",
                  },
                  {
                     name: "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2019/06/11/2",
                  },
                  {
                     name: "USN-4015-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4015-1/",
                  },
                  {
                     name: "USN-4015-2",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4015-2/",
                  },
                  {
                     name: "DSA-4462",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4462",
                  },
                  {
                     name: "20190613 [SECURITY] [DSA 4462-1] dbus security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Jun/16",
                  },
                  {
                     name: "108751",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/108751",
                  },
                  {
                     name: "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html",
                  },
                  {
                     name: "FEDORA-2019-d5ded5326b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/",
                  },
                  {
                     name: "openSUSE-SU-2019:1604",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1671",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html",
                  },
                  {
                     name: "RHSA-2019:1726",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1726",
                  },
                  {
                     name: "openSUSE-SU-2019:1750",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html",
                  },
                  {
                     name: "GLSA-201909-08",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201909-08",
                  },
                  {
                     name: "RHSA-2019:2868",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2868",
                  },
                  {
                     name: "RHSA-2019:2870",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2870",
                  },
                  {
                     name: "RHSA-2019:3707",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3707",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-12749",
      datePublished: "2019-06-11T16:11:45",
      dateReserved: "2019-06-06T00:00:00",
      dateUpdated: "2024-12-06T13:09:22.768Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_opensuse

cve-2008-3834

Vulnerability from cvelistv5

cve-2008-0595

Vulnerability from cvelistv5

cve-2006-6107

Vulnerability from cvelistv5

cve-2008-4311

Vulnerability from cvelistv5

cve-2020-12049

Vulnerability from cvelistv5

cve-2019-12749

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature