CVE-2006-6107 - Local Denial of Service vulnerability in D-Bus Signals.C

047910
CVSS 1.7 - LOW
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
local
low complexity
d-bus
nessus

Summary

Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). This vulnerability is addressed in the following product release: D-BUS 1.0.2.

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-233.NASL
    description: A vulnerability was discovered in D-Bus that could be exploited by a local attacker to cause a Denial of Service. Updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24616
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24616
    title: Mandrake Linux Security Advisory : dbus (MDKSA-2006:233)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_5B47B70D8BA911DB81D500123FFE8333.NASL
    description: Secunia reports : D-Bus have a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service). An error within the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 23871
    published: 2006-12-16
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/23871
    title: FreeBSD : dbus -- match_rule_equal() Weakness (5b47b70d-8ba9-11db-81d5-00123ffe8333)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0008.NASL
    description: Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Kimmo Hamalainen discovered a flaw in the way D-BUS processes certain messages. It is possible for a local unprivileged D-BUS process to disrupt the ability of another D-BUS process to receive messages. (CVE-2006-6107) Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24285
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24285
    title: CentOS 4 : dbus (CESA-2007:0008)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0008.NASL
    description: From Red Hat Security Advisory 2007:0008 : Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Kimmo Hamalainen discovered a flaw in the way D-BUS processes certain messages. It is possible for a local unprivileged D-BUS process to disrupt the ability of another D-BUS process to receive messages. (CVE-2006-6107) Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67436
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67436
    title: Oracle Linux 4 : dbus (ELSA-2007-0008)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-401-1.NASL
    description: Kimmo Hamalainen discovered that local users could delete other users
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27989
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27989
    title: Ubuntu 5.10 / 6.06 LTS / 6.10 : dbus vulnerability (USN-401-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0008.NASL
    description: Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. Kimmo Hamalainen discovered a flaw in the way D-BUS processes certain messages. It is possible for a local unprivileged D-BUS process to disrupt the ability of another D-BUS process to receive messages. (CVE-2006-6107) Users of dbus are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24314
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24314
    title: RHEL 4 : dbus (RHSA-2007:0008)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-750.NASL
    description: 6 vulnerabilities were discovered for the dbus-1 and dbus-1-x11 packages in openSUSE versions 11.4, 12.1, and 12.2.
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74795
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74795
    title: openSUSE Security Update : dbus-1 / dbus-1-x11 (openSUSE-SU-2012:1418-1)

Oval

accepted: 2013-04-29T04:23:35.425-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
family: unix
id: oval:org.mitre.oval:def:9951
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
version: 26

Redhat

advisories
bugzilla
id: 218055
title: CVE-2006-6107 D-Bus denial of service
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment: dbus-devel is earlier than 0:0.22-12.EL.8
          oval: oval:com.redhat.rhsa:tst:20070008001
        • comment: dbus-devel is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070008002
      • AND
        • comment: dbus-glib is earlier than 0:0.22-12.EL.8
          oval: oval:com.redhat.rhsa:tst:20070008003
        • comment: dbus-glib is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070008004
      • AND
        • comment: dbus-python is earlier than 0:0.22-12.EL.8
          oval: oval:com.redhat.rhsa:tst:20070008005
        • comment: dbus-python is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070008006
      • AND
        • comment: dbus-x11 is earlier than 0:0.22-12.EL.8
          oval: oval:com.redhat.rhsa:tst:20070008007
        • comment: dbus-x11 is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070008008
      • AND
        • comment: dbus is earlier than 0:0.22-12.EL.8
          oval: oval:com.redhat.rhsa:tst:20070008009
        • comment: dbus is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070008010
rhsa
id: RHSA-2007:0008
released: 2007-02-08
severity: Moderate
title: RHSA-2007:0008: dbus security update (Moderate)
rpms
  • dbus-0:0.22-12.EL.8
  • dbus-debuginfo-0:0.22-12.EL.8
  • dbus-devel-0:0.22-12.EL.8
  • dbus-glib-0:0.22-12.EL.8
  • dbus-python-0:0.22-12.EL.8
  • dbus-x11-0:0.22-12.EL.8

Statements

contributor: Mark J Cox
lastmodified: 2007-03-14
organization: Red Hat
statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.