Test Kennung:	1.3.6.1.4.1.25623.1.0.880493
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for dbus CESA-2011:0376 centos5 i386
Zusammenfassung:	The remote host is missing an update for the 'dbus'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'dbus' package(s) announced via the referenced advisory. Vulnerability Insight: D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was discovered in the system for sending messages between applications. A local user could send a message with an excessive number of nested variants to the system-wide message bus, causing the message bus (and, consequently, any process using libdbus to receive messages) to abort. (CVE-2010-4352) All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted. Affected Software/OS: dbus on CentOS 5 Solution: Please install the updated packages. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4352 42580 http://secunia.com/advisories/42580 42760 http://secunia.com/advisories/42760 42911 http://secunia.com/advisories/42911 42960 http://secunia.com/advisories/42960 45377 http://www.securityfocus.com/bid/45377 ADV-2010-3325 http://www.vupen.com/english/advisories/2010/3325 ADV-2011-0161 http://www.vupen.com/english/advisories/2011/0161 ADV-2011-0178 http://www.vupen.com/english/advisories/2011/0178 ADV-2011-0464 http://www.vupen.com/english/advisories/2011/0464 DSA-2149 http://www.debian.org/security/2011/dsa-2149 FEDORA-2010-19166 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html SUSE-SR:2011:004 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html USN-1044-1 http://www.ubuntu.com/usn/USN-1044-1 [oss-security] 20101216 CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants http://openwall.com/lists/oss-security/2010/12/16/3 [oss-security] 20101216 Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants http://openwall.com/lists/oss-security/2010/12/16/6 [oss-security] 20101221 Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants http://openwall.com/lists/oss-security/2010/12/21/3 http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://www.remlab.net/op/dbus-variant-recursion.shtml https://bugs.freedesktop.org/show_bug.cgi?id=32321 https://bugzilla.redhat.com/show_bug.cgi?id=663673 openSUSE-SU-2012:1418 http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
Copyright	Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.