Mandriva Update For Dbus MDVSA-2008:054 (dbus) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered by Havoc Pennington in how the dbus-daemon applied its security policy. A user with the ability to connect to the dbus-daemon could possibly execute certain method calls that they should not normally have access to. The updated packages have been patched to correct these issues. Users will have to reboot the system once these packages have been installed in order to prevent problems due to service dependencies on the messagebus service.

Affected

dbus on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2008-0595
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:178 (squid)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:063 (eog)
Mandrake Security Advisory MDVSA-2009:172 (dhcp)
Mandrake Security Advisory MDVSA-2009:034 (squid)

Mandriva Update for dbus MDVSA-2008:054 (dbus)

Take action and discover your vulnerabilities