USN-653-1: D-Bus vulnerabilities


 
Posted: 10-14-2008

Referenced CVEs:
CVE-2008-0595, CVE-2008-3834


Description:
===========================================================
Ubuntu Security Notice USN-653-1           October 14, 2008
dbus vulnerabilities
CVE-2008-0595, CVE-2008-3834
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libdbus-1-2                     0.60-6ubuntu8.3

Ubuntu 7.04:
  libdbus-1-3                     1.0.2-1ubuntu4.2

Ubuntu 7.10:
  libdbus-1-3                     1.1.1-3ubuntu4.2

Ubuntu 8.04 LTS:
  libdbus-1-3                     1.1.20-1ubuntu3.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Havoc Pennington discovered that the D-Bus daemon did not correctly
validate certain security policies. If a local user sent a specially
crafted D-Bus request, they could bypass security policies that had a
"send_interface" defined. (CVE-2008-0595)

It was discovered that the D-Bus library did not correctly validate
certain corrupted signatures. If a local user sent a specially crafted
D-Bus request, they could crash applications linked against the D-Bus
library, leading to a denial of service. (CVE-2008-3834)
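To see which bus policies on a host fall under the CVE-2008-0595 description, the following added example (not part of the advisory or of D-Bus itself) lists every `<allow>`/`<deny>` rule that defines `send_interface` in a D-Bus policy file. The sample policy and its `org.example.*` names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy file (not from the advisory); the service and
# interface names under org.example are hypothetical.
SAMPLE_POLICY = """\
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow own="org.example.Backup"/>
    <allow send_destination="org.example.Backup"/>
  </policy>
  <policy context="default">
    <deny send_interface="org.example.Backup.Admin"/>
    <allow send_destination="org.example.Backup"
           send_interface="org.example.Backup.Status"/>
  </policy>
</busconfig>
"""

def send_interface_rules(xml_text):
    """Return one dict per <allow>/<deny> rule that sets send_interface."""
    root = ET.fromstring(xml_text)  # the external DTD is not fetched
    found = []
    for policy in root.iter("policy"):
        # Record which attribute scopes this <policy> block.
        scope = next((f"{k}={policy.get(k)}"
                      for k in ("context", "user", "group", "at_console")
                      if policy.get(k) is not None), "unscoped")
        for rule in policy:
            if rule.tag in ("allow", "deny") and "send_interface" in rule.attrib:
                found.append({
                    "scope": scope,
                    "action": rule.tag,
                    "send_interface": rule.get("send_interface"),
                    # None means the rule is not tied to one destination.
                    "send_destination": rule.get("send_destination"),
                })
    return found

def audit_files(paths):
    """Parse policy files on disk; return {path: rules} for files with hits."""
    hits = {}
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            rules = send_interface_rules(fh.read())
        if rules:
            hits[path] = rules
    return hits
```

On a real system, pass the `.conf` files under `/etc/dbus-1/system.d/` to `audit_files` to inventory the policies that rely on `send_interface` before and after applying the update.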





dbus-monitor(1)                  User Commands                  dbus-monitor(1)

NAME
       dbus-monitor - debug probe to print message bus messages

SYNOPSIS
       dbus-monitor [--system | --session] [--profile | --monitor]
       [watch_expressions]

DESCRIPTION
       The dbus-monitor command is used to monitor messages going through a
       D-Bus message bus. There are two standard message buses:

       o  systemwide message bus - Disabled and not supported on Solaris,
          but installed on many systems as the "messagebus" init service.

       o  per-user-login-session message bus - Enabled and supported on
          Solaris, and started each time a user logs in.

       The --system and --session options direct dbus-monitor to monitor
       the system or session buses respectively. If neither is specified,
       dbus-monitor monitors the session bus.

       dbus-monitor has two different output modes, the 'classic'-style
       monitoring mode and profiling mode. The profiling format is a
       compact format with a single line per message and
       microsecond-resolution timing information. The --profile and
       --monitor options select the profiling and monitoring output format
       respectively. If neither is specified, dbus-monitor uses the
       monitoring output format.

       The message bus configuration may keep dbus-monitor from seeing all
       messages, especially if you run the monitor as a non-root user.

       See http://www.freedesktop.org/software/dbus/ for more information.

OPTIONS
       The following options are supported:

       --monitor   Use the monitoring output format (this is the default).

       --profile   Use the profiling output format.

       --session   Monitor the session message bus (this is the default).

       --system    Monitor the system message bus. The system bus is
                   disabled and unsupported on Solaris.

OPERANDS
       The following operands are supported:

       watch_expressions
                   In order to display the messages you are interested in,
                   you should specify a set of watch_expressions as you
                   would expect to be passed to the dbus_bus_add_watch
                   function.

EXIT STATUS
       The following exit values are returned:

       0     Application exited successfully

       >0    Application exited with failure

FILES
       The following files are used by this application:

       /usr/bin/dbus-monitor
                   Executable for dbus-monitor

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWdbus                     |
       +-----------------------------+-----------------------------+
       |Interface stability          |Volatile                     |
       +-----------------------------+-----------------------------+

SEE ALSO
       dbus-cleanup-sockets(1), dbus-daemon(1), dbus-launch(1),
       dbus-send(1), dbus-uuidgen(1), libdbus-glib-1(3), attributes(5)

NOTES
       For authorship information refer to
       http://www.freedesktop.org/software/dbus/doc/AUTHORS. Updated by
       Brian Cameron, Sun Microsystems Inc., 2007.

       dbus-monitor was written by Philip Blundell. The profiling output
       mode was added by Olli Salli.

       Please send bug reports to the D-Bus mailing list or bug tracker,
       see http://www.freedesktop.org/software/dbus/

SunOS 5.11                        19 Nov 2007                   dbus-monitor(1)