CVE-2009-1189

Exploit

EPSS 1.11%
Veröffentlicht 27.04.2009 18:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key.  NOTE: this is due to an incorrect fix for CVE-2008-3834.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freedesktop ≫ Dbus Version <= 1.2.3

Freedesktop ≫ Dbus Version0.1

Freedesktop ≫ Dbus Version0.2

Freedesktop ≫ Dbus Version0.3

Freedesktop ≫ Dbus Version0.4

Freedesktop ≫ Dbus Version0.5

Freedesktop ≫ Dbus Version0.6

Freedesktop ≫ Dbus Version0.7

Freedesktop ≫ Dbus Version0.8

Freedesktop ≫ Dbus Version0.9

Freedesktop ≫ Dbus Version0.10

Freedesktop ≫ Dbus Version0.11

Freedesktop ≫ Dbus Version0.12

Freedesktop ≫ Dbus Version0.13

Freedesktop ≫ Dbus Version0.20

Freedesktop ≫ Dbus Version0.21

Freedesktop ≫ Dbus Version0.22

Freedesktop ≫ Dbus Version0.23

Freedesktop ≫ Dbus Version0.23.1

Freedesktop ≫ Dbus Version0.23.2

Freedesktop ≫ Dbus Version0.23.3

Freedesktop ≫ Dbus Version0.31

Freedesktop ≫ Dbus Version0.32

Freedesktop ≫ Dbus Version0.33

Freedesktop ≫ Dbus Version0.34

Freedesktop ≫ Dbus Version0.35

Freedesktop ≫ Dbus Version0.35.1

Freedesktop ≫ Dbus Version0.35.2

Freedesktop ≫ Dbus Version0.36

Freedesktop ≫ Dbus Version0.36.1

Freedesktop ≫ Dbus Version0.36.2

Freedesktop ≫ Dbus Version0.50

Freedesktop ≫ Dbus Version0.60

Freedesktop ≫ Dbus Version0.61

Freedesktop ≫ Dbus Version0.62

Freedesktop ≫ Dbus Version0.90

Freedesktop ≫ Dbus Version0.91

Freedesktop ≫ Dbus Version0.92

Freedesktop ≫ Dbus Version1.0

Freedesktop ≫ Dbus Version1.0 Updaterc1

Freedesktop ≫ Dbus Version1.0 Updaterc2

Freedesktop ≫ Dbus Version1.0 Updaterc3

Freedesktop ≫ Dbus Version1.0.2

Freedesktop ≫ Dbus Version1.1.0

Freedesktop ≫ Dbus Version1.1.1

Freedesktop ≫ Dbus Version1.1.2

Freedesktop ≫ Dbus Version1.1.4

Freedesktop ≫ Dbus Version1.1.20

Freedesktop ≫ Dbus Version1.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.11%	0.774

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:N/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

https://rhn.redhat.com/errata/RHSA-2010-0095.html

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://secunia.com/advisories/38794

Vendor Advisory

http://www.vupen.com/english/advisories/2010/0528

Vendor Advisory

http://secunia.com/advisories/32127

Vendor Advisory

http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a

Patch

Vendor Advisory