FrSIRT - Mandriva Security Update Fixes D-Bus Security Policy Bypass Issue / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes D-Bus Security Policy Bypass Issue

Title : Mandriva Security Update Fixes D-Bus Security Policy Bypass Issue
Advisory ID : FrSIRT/ADV-2008-0706
CVE ID : CVE-2008-0595
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-02-29

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by attackers to bypass security restrictions [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
5a7276c83f7f3ac5e2d8f26f3cf0fed9 2007.0/i586/dbus-0.92-8.3mdv2007.0.i586.rpm
e97939d34bc7d3782bf8c5f54b6bca90 2007.0/i586/dbus-x11-0.92-8.3mdv2007.0.i586.rpm
9163f5e8243bf78d88be99329ee5536e 2007.0/i586/libdbus-1_3-0.92-8.3mdv2007.0.i586.rpm
dd9015731ae2557d7e0962204eedacc3 2007.0/i586/libdbus-1_3-devel-0.92-8.3mdv2007.0.i586.rpm
7e124dac56bfef6f1966cbc2f535fa7b 2007.0/SRPMS/dbus-0.92-8.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
79ace61e47f1dee7e62cfa2e7b1fd700 2007.0/x86_64/dbus-0.92-8.3mdv2007.0.x86_64.rpm
422ee658a55a0b36f53be71965e6d890 2007.0/x86_64/dbus-x11-0.92-8.3mdv2007.0.x86_64.rpm
e7126e8743aaa2994815eac7816ab1af 2007.0/x86_64/lib64dbus-1_3-0.92-8.3mdv2007.0.x86_64.rpm
ff7a748f340acc367150b76bc96d9144 2007.0/x86_64/lib64dbus-1_3-devel-0.92-8.3mdv2007.0.x86_64.rpm
7e124dac56bfef6f1966cbc2f535fa7b 2007.0/SRPMS/dbus-0.92-8.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
c46891482cb070370be2c6157d6bef2f 2007.1/i586/dbus-1.0.2-5.1mdv2007.1.i586.rpm
ce9017c03cf6da6c230813a17575e3ec 2007.1/i586/dbus-x11-1.0.2-5.1mdv2007.1.i586.rpm
6c4101834728f802046b542f151b1610 2007.1/i586/libdbus-1_3-1.0.2-5.1mdv2007.1.i586.rpm
77e621ee92730a2dc2cf1afa3767fb0f 2007.1/i586/libdbus-1_3-devel-1.0.2-5.1mdv2007.1.i586.rpm
871e7bf8eb42f738ea608498bb22c83d 2007.1/SRPMS/dbus-1.0.2-5.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
810876faa8ab66ad81208e478d1b6c66 2007.1/x86_64/dbus-1.0.2-5.1mdv2007.1.x86_64.rpm
8264902b916bf8173254d409190e4521 2007.1/x86_64/dbus-x11-1.0.2-5.1mdv2007.1.x86_64.rpm
9af9c3dafc670a714fccd436eb2f5f55 2007.1/x86_64/lib64dbus-1_3-1.0.2-5.1mdv2007.1.x86_64.rpm
74eab3e48b81c4d28059e18d2f85c6cd 2007.1/x86_64/lib64dbus-1_3-devel-1.0.2-5.1mdv2007.1.x86_64.rpm
871e7bf8eb42f738ea608498bb22c83d 2007.1/SRPMS/dbus-1.0.2-5.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
8229d2b51c125547a97777820e2b1a07 2008.0/i586/dbus-1.0.2-10.1mdv2008.0.i586.rpm
54cda1c75e70def572ad0863ff5906be 2008.0/i586/dbus-x11-1.0.2-10.1mdv2008.0.i586.rpm
c0fe93aefc3fb7ba23c1fa094e514fb6 2008.0/i586/libdbus-1_3-1.0.2-10.1mdv2008.0.i586.rpm
73faf4f17084c8d7649ae9a7ba2388a8 2008.0/i586/libdbus-1_3-devel-1.0.2-10.1mdv2008.0.i586.rpm
434db235c2a5c47a71da59419c47af6f 2008.0/SRPMS/dbus-1.0.2-10.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
bbd678498ca22dbc20f9c3a1e5070242 2008.0/x86_64/dbus-1.0.2-10.1mdv2008.0.x86_64.rpm
91b3a599276bea83e65090250944c83c 2008.0/x86_64/dbus-x11-1.0.2-10.1mdv2008.0.x86_64.rpm
d2e9804fbe492b9d00784c05e739f46d 2008.0/x86_64/lib64dbus-1_3-1.0.2-10.1mdv2008.0.x86_64.rpm
0088a4965b25db33615eb7192dff7ddc 2008.0/x86_64/lib64dbus-1_3-devel-1.0.2-10.1mdv2008.0.x86_64.rpm
434db235c2a5c47a71da59419c47af6f 2008.0/SRPMS/dbus-1.0.2-10.1mdv2008.0.src.rpm

ChangeLog

2008-02-29 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Safari Code Execution and Security Bypass Vulnerabilities
	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities

	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)
	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
	Microsoft Windows Server Service Vulnerability (MS08-067)
	Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)
	Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)
	Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)
	Microsoft Windows SMB Code Execution Vulnerability (MS08-063)