CVE-2006-6107 - Unspecified vulnerability in D-Bus
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
d-bus
nessus
Summary
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-233.NASL |
description | A vulnerability was discovered in D-Bus that could be exploited by a local attacker to cause a Denial of Service. Updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24616 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24616 |
title | Mandrake Linux Security Advisory : dbus (MDKSA-2006:233) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_5B47B70D8BA911DB81D500123FFE8333.NASL |
description | Secunia reports : D-Bus have a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service). An error within the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23871 |
published | 2006-12-16 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/23871 |
title | FreeBSD : dbus -- match_rule_equal() Weakness (5b47b70d-8ba9-11db-81d5-00123ffe8333) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2007-0008.NASL |
description | Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Kimmo Hamalainen discovered a flaw in the way D-BUS processes certain messages. It is possible for a local unprivileged D-BUS process to disrupt the ability of another D-BUS process to receive messages. (CVE-2006-6107) Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24285 |
published | 2007-02-09 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/24285 |
title | CentOS 4 : dbus (CESA-2007:0008) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2007-0008.NASL |
description | From Red Hat Security Advisory 2007:0008 : Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Kimmo Hamalainen discovered a flaw in the way D-BUS processes certain messages. It is possible for a local unprivileged D-BUS process to disrupt the ability of another D-BUS process to receive messages. (CVE-2006-6107) Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67436 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67436 |
title | Oracle Linux 4 : dbus (ELSA-2007-0008) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-401-1.NASL |
description | Kimmo Hamalainen discovered that local users could delete other users |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27989 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27989 |
title | Ubuntu 5.10 / 6.06 LTS / 6.10 : dbus vulnerability (USN-401-1) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2007-0008.NASL |
description | Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Kimmo Hamalainen discovered a flaw in the way D-BUS processes certain messages. It is possible for a local unprivileged D-BUS process to disrupt the ability of another D-BUS process to receive messages. (CVE-2006-6107) Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24314 |
published | 2007-02-09 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/24314 |
title | RHEL 4 : dbus (RHSA-2007:0008) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2012-750.NASL |
description | 6 vulnerabilities were discovered for the dbus-1 and dbus-1-x11 packages in openSUSE versions 11.4, 12.1, and 12.2. |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 74795 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/74795 |
title | openSUSE Security Update : dbus-1 / dbus-1-x11 (openSUSE-SU-2012:1418-1) |
Oval
accepted | 2013-04-29T04:23:35.425-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). |
family | unix |
id | oval:org.mitre.oval:def:9951 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). |
version | 26 |
Redhat
advisories |
rpms |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://archives.mandrivalinux.com/security-announce/2006-12/msg00025.php
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
- http://lists.rpath.com/pipermail/security-announce/2007-February/000147.html
- http://openpkg.com/go/OpenPKG-SA-2006.041
- http://secunia.com/advisories/23373
- http://secunia.com/advisories/23390
- http://secunia.com/advisories/23611
- http://secunia.com/advisories/24059
- http://secunia.com/advisories/24131
- http://www.freedesktop.org/wiki/Software/dbus
- http://www.redhat.com/support/errata/RHSA-2007-0008.html
- http://www.securityfocus.com/bid/21571
- http://www.securitytracker.com/id?1017608
- http://www.ubuntu.com/usn/usn-401-1
- http://www.vupen.com/english/advisories/2006/4988
- https://bugs.freedesktop.org/show_bug.cgi?id=9142
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30874
- https://issues.rpath.com/browse/RPL-860
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9951