{ "id": "CVE-2009-1189", "sourceIdentifier": "secalert@redhat.com", "published": "2009-04-27T18:00:00.267", "lastModified": "2024-11-21T01:01:52.520", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834." }, { "lang": "es", "value": "La funci\u00f3n _dbus_validate_signature_with_reason (dbus-marshal-validate.c) en D-Bus (tambi\u00e9n conocido como DBus) en versiones anteriores a 1.2.14 utiliza l\u00f3gica incorrecta para validar un tipo b\u00e1sico, lo que permite a atacantes remotos suplantar una firma a trav\u00e9s de una clave manipulada. NOTA: esto es debido a una soluci\u00f3n incorrecta para CVE-2008-3834." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "baseScore": 3.6, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.2.3", "matchCriteriaId": "CB9F83F6-FFF0-456A-87D1-A546FAA09F02" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A2945FB-BDB8-49B7-BA9A-2BB390345FED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FE08E05-948A-4A9C-BA91-B2935355D3CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB0A3D5A-8823-4365-83B9-1E370C131F3E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6262F9B-30B5-4A7E-AC49-B9221B06CA4A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C2F4A579-8F26-47CF-9AE0-41334A9751AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E12E1141-5FE4-43BF-B3A0-DC45C593F880" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B04817C0-14A2-4B75-8747-691D48E70BAC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "09C8C79E-AE58-48AE-89DB-E84637543783" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "ED4ECF06-79CC-4142-BE6A-AF4E1E981543" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A87CC329-AF59-4882-82E1-851C4E0BB0B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA4ACC-9166-491C-A8D4-A5418F3B0965" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "084A8212-B0FC-41BA-9532-080E8F92B949" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0EB88CDF-0C71-4FE7-9210-C43EBE806416" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*", "matchCriteriaId": "0D84E94E-18EB-4276-AF55-2FB9850B08CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "0C6D0AAC-7F4B-48FF-9ACB-8C8844BDD722" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "5FD40B16-FF56-4C23-B8A9-D79433713F35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*", "matchCriteriaId": "C5A81FE8-37A0-46CE-AAA4-F00CF4122C71" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8815B87-7910-4E41-AB28-AEAD9F53475A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "DCEF7E9B-3F19-48CF-862B-B5935824A4C7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB32F7B-8616-40F5-8D94-4FC97F6AD958" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "4EC42FAD-C541-4D91-BDF6-62AA1C894B42" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*", "matchCriteriaId": "FAECF21B-68AF-47D8-9540-BB0001087881" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*", "matchCriteriaId": "30D0DE09-5F83-423B-AD86-033005D35994" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D6618ACC-B506-4A92-BE4F-346FAC29D24F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*", "matchCriteriaId": "BB406736-7185-4E0A-ACC6-4F79AB312FA7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "18867CA7-E4AE-4312-A6E8-0CC514FCF063" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C443F3D-5BD0-4E89-99F1-1BC0798666F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*", "matchCriteriaId": "2DA75AB4-4ADF-4E42-8840-B044DC4D9FFE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "D809A431-7BA6-4C9F-8644-33A14389B289" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "732CD552-3E19-4389-B426-77D5B473866F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*", "matchCriteriaId": "1702AE33-38F4-40C5-B448-C863A7E95553" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "3801D383-91A6-4F2F-87D5-32882005BF58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*", "matchCriteriaId": "2392266A-BE81-4494-81C3-942ED56B0558" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*", "matchCriteriaId": "BCCA6868-E09D-4616-A9A8-EF63F20C981D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "60B6DA02-F08B-4ACE-8F93-F869467BC628" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "3B4E7E9B-722E-4EE1-A435-906DE07BEB2B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "BEF4902A-5598-42B7-8BB0-E9F8AB645D59" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DEF0BA7-4EE6-482A-BFE4-A159A7C329AE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E93056D8-497A-4C08-B3FA-8372A92A6ACA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0380A55A-541E-450B-8092-280BD5DA736D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C55E6EEB-A408-45F5-AF95-37DBDEBA17EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8671706-FC4E-4485-945C-C397C80D859E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C9908FE-6B10-41BF-ADE2-1639CAC1340E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA34903A-9D38-46FF-B702-D6BEECA96031" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "39753912-8A2D-49B0-B90B-43DAF723B34A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "11FF206A-8E96-40A2-9687-E0C4F00F020F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "EA580B9B-F975-4667-9ECC-703E2B16D24C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C" } ] } ] } ], "references": [ { "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803", "source": "secalert@redhat.com", "tags": [ "Exploit" ] }, { "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "source": "secalert@redhat.com" }, { "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html", "source": "secalert@redhat.com" }, { "url": "http://secunia.com/advisories/32127", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/35810", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/38794", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13", "source": "secalert@redhat.com" }, { "url": "http://www.securityfocus.com/bid/31602", "source": "secalert@redhat.com", "tags": [ "Exploit" ] }, { "url": "http://www.vupen.com/english/advisories/2010/0528", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385", "source": "secalert@redhat.com" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308", "source": "secalert@redhat.com" }, { "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html", "source": "secalert@redhat.com" }, { "url": "https://usn.ubuntu.com/799-1/", "source": "secalert@redhat.com" }, { "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/32127", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/35810", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/38794", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/31602", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://www.vupen.com/english/advisories/2010/0528", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://usn.ubuntu.com/799-1/", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }