CVE - CVE-2009-1189

CVE-ID
CVE-2009-1189	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:31602 URL:http://www.securityfocus.com/bid/31602 MISC:32127 URL:http://secunia.com/advisories/32127 MISC:35810 URL:http://secunia.com/advisories/35810 MISC:38794 URL:http://secunia.com/advisories/38794 MISC:ADV-2010-0528 URL:~~http://www.vupen.com/english/advisories/2010/0528~~ (Obsolete source) MISC:RHSA-2010:0095 URL:https://rhn.redhat.com/errata/RHSA-2010-0095.html MISC:USN-799-1 URL:https://usn.ubuntu.com/799-1/ MISC:[oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus) URL:http://www.openwall.com/lists/oss-security/2009/04/16/13 MISC:[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates URL:http://lists.vmware.com/pipermail/security-announce/2010/000082.html MISC:dbus-dbusmarshalvalidate-spoofing(50385) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/50385 MISC:http://bugs.freedesktop.org/show_bug.cgi?id=17803 URL:http://bugs.freedesktop.org/show_bug.cgi?id=17803 MISC:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 URL:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 MISC:http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a URL:http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a MISC:oval:org.mitre.oval:def:10308 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308
Assigning CNA
Red Hat, Inc.
Date Record Created
20090331	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090331)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.