Rapid7 Vulnerability & Exploit Database

RHSA-2010:0018: dbus security update

Severity: 4
CVSS: (AV:L/AC:L/Au:N/C:N/I:P/A:P)
Published: 04/27/2009
Created: 07/25/2018
Added: 01/27/2010
Modified: 07/04/2017

Description

D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.

It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did not correctly fix the denial of service flaw in the system for sending messages between applications. A local user could use this flaw to send a message with a malformed signature to the bus, causing the bus (and, consequently, any process using libdbus to receive messages) to abort. (CVE-2009-1189)

Note: Users running any application providing services over the system message bus are advised to test this update carefully before deploying it in production environments.

All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

Solution(s)

  • redhat-upgrade-dbus
  • redhat-upgrade-dbus-devel
  • redhat-upgrade-dbus-libs
  • redhat-upgrade-dbus-x11
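
A post-update check for the restart requirement in the description, as an added example that is not part of the advisory: it lists processes that still map the pre-update libdbus or dbus-daemon file, which the kernel marks "(deleted)" in /proc/<pid>/maps once the package has replaced it on disk. The function names, the sample process tree and the library paths in it are constructed for illustration.

```shell
#!/bin/sh
# stale_dbus_pids [PROC_ROOT]
# Prints "<pid> <process name>" for every process that still maps an
# unlinked (pre-update) libdbus library or dbus-daemon binary.
# PROC_ROOT defaults to /proc; it is a parameter so the check can also be
# run against a copied or constructed tree.
stale_dbus_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes we may not read (run as root to see all of them).
        [ -r "$maps" ] || continue
        if grep -Eq '(/libdbus-1\.so[^ ]*|/dbus-daemon) \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            # The Name: field of status gives the process name.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null || true)
            echo "$pid ${name:-?}"
        fi
    done
}

# build_sample_proc DIR
# Constructed /proc-like tree: two processes that were not restarted after
# the update (101, 202) and one that already maps the new library (303).
build_sample_proc() {
    root=$1
    mkdir -p "$root/101" "$root/202" "$root/303"
    printf 'Name:\tdbus-daemon\n' > "$root/101/status"
    echo '00400000-00452000 r-xp 00000000 fd:00 1311 /bin/dbus-daemon (deleted)' > "$root/101/maps"
    printf 'Name:\thald\n' > "$root/202/status"
    echo '3a1c000000-3a1c03c000 r-xp 00000000 fd:00 2201 /lib64/libdbus-1.so.3.4.0 (deleted)' > "$root/202/maps"
    printf 'Name:\tsshd\n' > "$root/303/status"
    echo '3a1d000000-3a1d03c000 r-xp 00000000 fd:00 2207 /lib64/libdbus-1.so.3.4.0' > "$root/303/maps"
}

# Demonstration on the constructed tree. On a real host, call
# stale_dbus_pids with no argument, as root, after installing the packages.
demo=$(mktemp -d)
build_sample_proc "$demo"
stale_dbus_pids "$demo"
rm -rf "$demo"
```

Any process the check reports is still running the unpatched code and needs a restart; an empty result means no stale mapping was found among the processes readable by the caller.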
