CVE-2009-1189

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-04-27 18:00

Updated : 2024-02-04 17:33


NVD link : CVE-2009-1189

Mitre link : CVE-2009-1189

CVE.ORG link : CVE-2009-1189


JSON object : View

Products Affected

freedesktop

  • dbus
CWE
CWE-20

Improper Input Validation