Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus)

from [OpenPKG GmbH] Network Security [Permanent Link]
Subject: [OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus)
Date: Thu, 21 Dec 2006 11:19:42 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2006.041
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2006.041
Advisory Published:      2006-12-21 11:19 UTC

Issue Id (internal):     OpenPKG-SI-20061221.02
Issue First Created:     2006-12-21
Issue Last Modified:     2006-12-21
Issue Revision:          02
____________________________________________________________________________

Subject Name:            D-Bus
Subject Summary:         message bus system
Subject Home:            http://www.freedesktop.org/wiki/Software/dbus
Subject Versions:        * < 1.0.2

Vulnerability Id:        CVE-2006-6107
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           local system
Attack Impact:           denial of service

Description:
    Kimmo Hämäläinen found [0] a vendor-confirmed Denial of Service
    (DoS) vulnerability in the D-Bus [1] message bus system, versions
    before 1.0.2. The flaw is in the "match_rule_equal" function in
    "bus/signals.c" and allows local applications to remove match rules
    for other applications and cause a DoS via lost process messages.

References:
    [0] https://bugs.freedesktop.org/show_bug.cgi?id=9142
    [1] http://www.freedesktop.org/wiki/Software/dbus
____________________________________________________________________________

Primary Package Name:    dbus
Primary Package Home:    http://openpkg.org/go/package/dbus

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Community        2-STABLE-20061018 dbus-1.0.2-2.20061221
OpenPKG Community        2-STABLE          dbus-1.0.2-2.20061221
OpenPKG Community        CURRENT           dbus-1.0.2-20061213
____________________________________________________________________________

For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFFil+1ZwQuyWG3rjQRAprBAKChyT+Kf/cmq17O1y6Y0cUzjSlFEACgp+/j
4sOoJB3dAQLFntl9CY/ukk4=
=lzaH
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus), OpenPKG GmbH <=
Previous by Date:  Re: [Full-disclosure] Fun with event logs (semi-offtopic), Michele Cicciotti
Next by Date:  [CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability, Williams, James K
Previous by Thread:  [Full-disclosure] Fun with event logs (semi-offtopic), 3APA3A
Next by Thread:  [CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability, Williams, James K
Indexes:  [Date] [Thread] [Top] [All Lists]