| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | [OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus) |
| From: | OpenPKG GmbH <openpkg-noreply@openpkg.com> |
| Date: | Thu, 21 Dec 2006 11:19:42 +0100 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
| Organization: | OpenPKG GmbH, http://openpkg.com/ |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ____________________________________________________________________________ Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.041 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.041 Advisory Published: 2006-12-21 11:19 UTC Issue Id (internal): OpenPKG-SI-20061221.02 Issue First Created: 2006-12-21 Issue Last Modified: 2006-12-21 Issue Revision: 02 ____________________________________________________________________________ Subject Name: D-Bus Subject Summary: message bus system Subject Home: http://www.freedesktop.org/wiki/Software/dbus Subject Versions: * < 1.0.2 Vulnerability Id: CVE-2006-6107 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: denial of service Description: Kimmo Hämäläinen found [0] a vendor-confirmed Denial of Service (DoS) vulnerability in the D-Bus [1] message bus system, versions before 1.0.2. The flaw is in the "match_rule_equal" function in "bus/signals.c" and allows local applications to remove match rules for other applications and cause a DoS via lost process messages. References: [0] https://bugs.freedesktop.org/show_bug.cgi?id=9142 [1] http://www.freedesktop.org/wiki/Software/dbus ____________________________________________________________________________ Primary Package Name: dbus Primary Package Home: http://openpkg.org/go/package/dbus Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2-STABLE-20061018 dbus-1.0.2-2.20061221 OpenPKG Community 2-STABLE dbus-1.0.2-2.20061221 OpenPKG Community CURRENT dbus-1.0.2-20061213 ____________________________________________________________________________ For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document. ____________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG GmbH <http://openpkg.com/> iD8DBQFFil+1ZwQuyWG3rjQRAprBAKChyT+Kf/cmq17O1y6Y0cUzjSlFEACgp+/j 4sOoJB3dAQLFntl9CY/ukk4= =lzaH -----END PGP SIGNATURE----- |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [USN-397-1] mono vulnerability, Kees Cook |
|---|---|
| Next by Date: | NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory, security |
| Previous by Thread: | [USN-397-1] mono vulnerability, Kees Cook |
| Next by Thread: | NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory, security |
| Indexes: | [Date] [Thread] [Top] [All Lists] |