Debian Security Advisory DSA 2149-1 (dbus) Network Vulnerability

Summary

The remote host is missing an update to dbus announced via advisory DSA 2149-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202149-1

Insight

Rémi Denis-Courmont discovered that dbus, a message bus application, is not properly limiting the nesting level when examining messages with extensive nested variants. This allows an attacker to crash the dbus system daemon due to a call stack overflow via crafted messages. For the stable distribution (lenny), this problem has been fixed in version 1.2.1-5+lenny2. For the testing distribution (squeeze), this problem has been fixed in version 1.2.24-4. For the unstable distribution (sid), this problem has been fixed in version 1.2.24-4. We recommend that you upgrade your dbus packages.

Severity

Classification

CVE CVE-2010-4352

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 043-1 (zope)
Debian Security Advisory DSA 1068-1 (fbi)
Debian Security Advisory DSA 021-1 (apache)
Debian Security Advisory DSA 1057-1 (phpldapadmin)
Debian Security Advisory DSA 1042-1 (cyrus-sasl2)

Take action and discover your vulnerabilities