Debian Security Advisory DSA 2149-1 (dbus) Network Vulnerability

Summary

The remote host is missing an update to dbus announced via advisory DSA 2149-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202149-1

Insight

Rémi Denis-Courmont discovered that dbus, a message bus application, is not properly limiting the nesting level when examining messages with extensive nested variants. This allows an attacker to crash the dbus system daemon due to a call stack overflow via crafted messages. For the stable distribution (lenny), this problem has been fixed in version 1.2.1-5+lenny2. For the testing distribution (squeeze), this problem has been fixed in version 1.2.24-4. For the unstable distribution (sid), this problem has been fixed in version 1.2.24-4. We recommend that you upgrade your dbus packages.

Severity

Classification

CVE CVE-2010-4352
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1130-1 (sitebar)
Debian Security Advisory DSA 046-1 (exuberant-ctags)
Debian Security Advisory DSA 2707-1 (dbus - denial of service)
Debian Security Advisory DSA 2821-1 (gnupg - side channel attack)
Debian Security Advisory DSA 1517-1 (ldapscripts)

Take action and discover your vulnerabilities