Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: D-Bus vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Kimmo Hämäläinen discovered that local users could delete other users' D-Bus match rules. Applications would stop receiving D-Bus messages, resulting in a local denial of service, and potential data loss for applications that depended on D-Bus for storing information.
Ubuntu Security Notice USN-401-1           January 04, 2007
dbus vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  dbus                                     0.36.2-0ubuntu7.1

Ubuntu 6.06 LTS:
  dbus                                     0.60-6ubuntu8.1

Ubuntu 6.10:
  dbus                                     0.93-0ubuntu3.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Kimmo Hämäläinen discovered that local users could delete other users' 
D-Bus match rules.  Applications would stop receiving D-Bus messages, 
resulting in a local denial of service, and potential data loss for 
applications that depended on D-Bus for storing information.

Updated packages for Ubuntu 5.10:

  Source archives:
      Size/MD5:    20079 c9da5415d9c40e3e7d8c8a0a42a5a8af
      Size/MD5:     1481 678473638ffb542af376a9288b7e9894
      Size/MD5:  1601374 45468e46967d3e70f082d0d0e6049225

  Architecture independent packages:
      Size/MD5:  1383452 824c945c895bd5ca3a1632ebf8781bd9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   195764 712e8501c1c1c5565a8bb12acbb51a4d
      Size/MD5:   310368 60e21a4aa8c9d645455af9fb25cd81c6
      Size/MD5:   241070 bc6ba41be6e038289ef183bc1c87e181
      Size/MD5:   170960 950c9bbff0dfb5ef4df5ac6973fa04c3
      Size/MD5:   300864 7fb845375f9e670ac3d4227606fe392d
      Size/MD5:   180612 df5d59d9d9c29f95f972b5e2c256ce50
      Size/MD5:   193072 86e23e014f4c77a76151a1757c1b3be1
      Size/MD5:   157726 39d7412bb822f791d92350a2696b9887
      Size/MD5:   163258 8027be432eb55cfb227c5bef071280c1
      Size/MD5:   251134 6fe6da35ea09b517f10a024fd46358a3

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   187842 57bafa477f0e6012efb1c546f1ac5ba1
      Size/MD5:   282266 d61ce631f7496d856953bf627c465983
      Size/MD5:   222250 9f55f30febe9348e36188fb6e8bcfa13
      Size/MD5:   170946 df0793130767e616a7c079fc6f829137
      Size/MD5:   270674 1fb3909d28345ed391e0c9141460e625
      Size/MD5:   173126 e551007daa64f67d318b1f7bad691051
      Size/MD5:   181714 fbd4c23ec66b8f4fd61b27bba9bf4922
      Size/MD5:   156706 0d132bd73e9c5ed70cca0558cad82ec2
      Size/MD5:   158740 b28bdab122b5315b9cc417a41a074ee0
      Size/MD5:   218494 9f70ef4b3b14282875cb998d59bcae33

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   192946 89dc034a6de6bdc7508791738c4b10a6
      Size/MD5:   299108 5106a12ad4aaa1960fbc9422a9abdfdb
      Size/MD5:   232986 024d0c54ea48b3153432b7a062b3668d
      Size/MD5:   170982 6747148cff82f0373c034b2c2ab1a3c5
      Size/MD5:   302540 3b6c88a2c0db48177f180e8f51eaad53
      Size/MD5:   176706 ee480d7909433bbd1f66155e921b4c99
      Size/MD5:   198582 b86a893d88185c8ea9cdb29c779e3fc6
      Size/MD5:   158124 2bb48c5f5db6f8ef1937e5b6bd2ab8b9
      Size/MD5:   163226 7d6a08b0bc2457e15e4ffd6bc06b1d01
      Size/MD5:   234152 433b4c6b8d5157f7f570f608397f386e

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   186422 9ba9fc57f030f3a7b7e3dddd6440bea3
      Size/MD5:   289158 4df57c3bf5e269d8f4d9cef573d7ca74
      Size/MD5:   230264 394f47bb45d80ff07228f1244c946fb8
      Size/MD5:   289474 c38d7b4d44e34f251b7163c8ad823606
      Size/MD5:   174194 2b5679690fa72c65ab144ce4832f7b05
      Size/MD5:   186886 ccb7a85709fed92065ae6f60a14db1fe
      Size/MD5:   154888 fdecf46c661d3a083430d4a2a89410b0
      Size/MD5:   158726 becc2d28d6e0fd3e474ac88ebed13a35
      Size/MD5:   230074 5f77ff7a114b40e68c5f630a93f73d69

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   100206 ddc1dbe8507a9dd406b4abf498f68f49
      Size/MD5:     1126 3fe41f6f142537d79438b6dd5e864d7b
      Size/MD5:  1674899 da9561b5e579cedddc34f53427e99a93

  Architecture independent packages:
      Size/MD5:  1655382 10cf358a6d8767eeb1be1426ec1e2ee3
      Size/MD5:   188248 e34976afe8a5adfa283f88ef0720e7c0
      Size/MD5:   179380 ac6e1b25c066b377375e6b6bad5bab24

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   174816 21475f90a3261414d2a14457c985c390
      Size/MD5:   355150 b3a8974f609050e827d1f33f7132939b
      Size/MD5:   265098 a6cf0a4960377fded75b9590040745c2
      Size/MD5:   328944 a0ffe826caa1c9c86efed4daee016528
      Size/MD5:   199544 25b0ff19ca3da0d939754855851c2bd3
      Size/MD5:   242586 04e3cdd9c322b0162ba3b2cb33f8add0
      Size/MD5:   173262 e3a5f3a798603f1dc7936cb36577ea6e
      Size/MD5:   178676 44a68df0c5f5b018ca903bf5a848c4c1
      Size/MD5:   284522 74fd5312882f73dce65158c434b75106

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   171288 bfb8f089aea427d785e219bfb260eec1
      Size/MD5:   324468 046ab4a935e8d621647712b7204e733b
      Size/MD5:   246804 af2c874611971df46c16dc18ad7f6cbe
      Size/MD5:   296172 0b68de8b9b0ce4bd822f8f9e0a4841e2
      Size/MD5:   191616 a0577114c2adace9f68a07b3a4a2c91e
      Size/MD5:   226422 de4cef9adb6d84c8da1129797c339316
      Size/MD5:   172226 64d06f96ed5041d67773b14077727b78
      Size/MD5:   174228 3b1ab8688160e4c04d5a500c392eac17
      Size/MD5:   247038 90866461b46f5270d036c26d57171fab

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   173506 1e7f5087b32c3e8feff59e2295ca0ded
      Size/MD5:   343536 7a69c2309e72bd337a770929213d4a46
      Size/MD5:   257020 e4d72ee3c8268a8d0275958e9b5ef7d1
      Size/MD5:   329328 b57a2963ecfc53d0d2737efb9beed82d
      Size/MD5:   195780 8f82a8373453ea604b86a07964d6498c
      Size/MD5:   247862 16cd64fcd095d8a887ef0f9da4fb8704
      Size/MD5:   173624 29fb598865f2b7d4bbc638b2fd974b1a
      Size/MD5:   178600 89b633c90fc8a30da96c64e3d00d0673
      Size/MD5:   266342 f751c2842f68a6abcbc26651cffe6cdd

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   170568 ffb23c6d5c2915ddcbcc1a8be6ce942b
      Size/MD5:   327018 fd1bf8ffc70d9351e551f4b1921aa68c
      Size/MD5:   250542 fc280708d68f457c4d6a7d3ba66a923f
      Size/MD5:   312590 51bf3b36c0fb2b6e7afa542cc558b601
      Size/MD5:   192674 c4a100d093b42b835b28560cece9a524
      Size/MD5:   231288 2dcbf7c4f4838fe673ee62eb6df5c822
      Size/MD5:   170422 11effc1a2b70e5731aeefde6de9ff2e9
      Size/MD5:   174038 51db05b72407fcc78ed6aaf2791d2202
      Size/MD5:   260556 9f58e71b519c9c2bf543c43be2ab7bff

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:   117039 f47a78f495f401868bc35d943ecf505d
      Size/MD5:      820 a5767207eada04d0f2659d3ad71529fc
      Size/MD5:  1340600 0770dce874c76f7364d055e4648900fb

  Architecture independent packages:
      Size/MD5:  1416724 12d8c434f1f2925f227a4a05b200e67f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   170524 41a22213707b522567fd66d26c22bc61
      Size/MD5:   338542 8cbe34056e64fadb865e41ea11651154
      Size/MD5:   262364 c72d3dd7e173b3b96a507592e0e3e999
      Size/MD5:   317842 276fd2013bcbbb816d6d6ad164a75d4a

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   170194 2d364d4f90ba5fa9ce4c86452222fc30
      Size/MD5:   320286 48cca94b6a7f772278e155dbf9bac25d
      Size/MD5:   251386 7b944239d603226ae6d8bab59a249be2
      Size/MD5:   295592 beec29784746968bee16ddda7de46743

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   170486 ac806d14f7d8715720d60f5a5b79ec23
      Size/MD5:   329424 16987d9e39c97e5d203993f636c66a32
      Size/MD5:   255352 390e255f63b35dd3166cf97c73ab2a86
      Size/MD5:   319702 b0c8549bb422004235e11fa23b5befe3

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   170220 e7b2da879a9d4be28a8cb1e9f4ab58ea
      Size/MD5:   313350 9aa50d65706275ca2f96f518bebef5a4
      Size/MD5:   248588 30749b19e35a61c57f7f3f72042112e1
      Size/MD5:   303382 ef832acfb17592ecb37ac449a9ce1546

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.6 (GNU/Linux)



--==============59746676=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

ubuntu-security-announce mailing list
Modify settings or unsubscribe at:

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.