CVE-2008-3834

Published: 07/10/2008 Updated: 29/09/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The dbus_signature_validate function in the D-bus library (libdbus) prior to 1.2.4 allows remote malicious users to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

Vulnerable Product

freedesktop dbus 1.1.1

freedesktop dbus 1.1.0

freedesktop dbus 0.62

freedesktop dbus 0.61

freedesktop dbus 0.35

freedesktop dbus 0.34

freedesktop dbus 0.33

freedesktop dbus 0.22

freedesktop dbus 0.21

freedesktop dbus 0.8

freedesktop dbus 0.7

freedesktop dbus 1.0.2

freedesktop dbus 1.0 rc1

freedesktop dbus 0.92

freedesktop dbus 0.36.1

freedesktop dbus 0.36

freedesktop dbus 0.23.3

freedesktop dbus 0.23.2

freedesktop dbus 0.12

freedesktop dbus 0.11

freedesktop dbus 0.4

freedesktop dbus 0.3

freedesktop dbus 1.0 rc3

freedesktop dbus 1.0 rc2

freedesktop dbus 0.50

freedesktop dbus 0.36.2

freedesktop dbus 0.32

freedesktop dbus 0.31

freedesktop dbus 0.20

freedesktop dbus 0.13

freedesktop dbus 0.6

freedesktop dbus 0.5

freedesktop dbus

freedesktop dbus 1.1.2

freedesktop dbus 0.91

freedesktop dbus 0.90

freedesktop dbus 0.35.2

freedesktop dbus 0.35.1

freedesktop dbus 0.23.1

freedesktop dbus 0.23

freedesktop dbus 0.10

freedesktop dbus 0.9

freedesktop dbus 0.2

freedesktop dbus 0.1

Vendor Advisories

Havoc Pennington discovered that the D-Bus daemon did not correctly validate certain security policies. If a local user sent a specially crafted D-Bus request, they could bypass security policies that had a “send_interface” defined (CVE-2008-0595) ...
Synopsis: Moderate: dbus security update. Type/Severity: Security Advisory: Moderate. Topic: Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description ...
Debian Bug report logs - #501443 dbus: CVE-2008-3834, possible DoS. Package: dbus; Maintainer for dbus is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for dbus is src:dbus (PTS, buildd, popcon). Reported by: Steffen Joeris <steffen.joeris@skolelinux.de> Date: Tue, 7 Oct 2008 12:03:0 ...
Debian Bug report logs - #532720 dbus: CVE-2009-1189 incomplete fix for CVE-2008-3834. Package: dbus; Maintainer for dbus is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for dbus is src:dbus (PTS, buildd, popcon). Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com> Date: ...
Colin Walters discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. For the stable distribution (etch), this problem has been fixed in version 1.0.2-1+etch2. For the testing distribution (lenny) and unstable distribution (sid) this problem will be fixed soon. We ...

Exploits

/* * cve-2008-3834.c * * D-Bus Daemon Denial of Service < 1.2.4 * Jon Oberheide <jon@oberheide.org> * jon.oberheide.org * * Usage: * * $ gcc `pkg-config dbus-1 --cflags` cve-2008-3834.c `pkg-config dbus-1 --libs` -o cve-2008-3834 * $ ./cve-2008-3834 * * Information: * * cve.mitre.org/cgi-bin/cvename.cgi? ...
D-Bus Daemon versions prior to 1.2.4 remote denial of service exploit that uses a message with a malformed signature ...