
Debian Dbus vulnerabilities

28 known vulnerabilities affecting debian/dbus.

Total CVEs: 28
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 8, LOW 17

Vulnerabilities

Page 2 of 2
CVE-2011-2200 | LOW | CVSS 4.6 | fixed in dbus 1.4.12-1 (bookworm) | 2011
CVE-2011-2200 [MEDIUM] dbus - The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted
debian
CVE-2010-4352 | LOW | CVSS 2.1 | fixed in dbus 1.2.24-4 (bookworm) | 2010
CVE-2010-4352 [LOW] dbus - Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
Scope: local
bookworm: resolved (fixed in 1.2.24-4); bullseye: resolved (fixed in 1.2.24-4); forky: resolved (fixed in 1.2.24-4); sid: resolved (fixed in 1.2.24-4); trixie: resolved (fixed in 1.2.24-4)
debian
CVE-2009-1189 | HIGH | CVSS 2.1 | fixed in dbus 1.2.14-1 (bookworm) | 2009
CVE-2009-1189 [LOW] dbus - The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Scope: local
bookworm: resolved (fixed in 1.2.14-1); bullseye: resolved (fixed in 1.2.14-1)
debian
CVE-2008-0595 | MEDIUM | CVSS 4.6 | fixed in dbus 1.1.20-1 (bookworm) | 2008
CVE-2008-0595 [MEDIUM] dbus - dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Scope: local
bookworm: resolved (fixed in 1.1.20-1); bullseye: resolved (fixed in 1.1.20
debian
CVE-2008-4311 | LOW | CVSS 4.6 | fixed in dbus 1.2.1-5 (bookworm) | 2008
CVE-2008-4311 [MEDIUM] dbus - The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
Scope: local
bookworm: resolved (fixed in 1.2.1-5); bul
debian
CVE-2008-3834 | LOW | CVSS 2.1 | PoC | fixed in dbus 1.2.1-4 (bookworm) | 2008
CVE-2008-3834 [LOW] dbus - The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
Scope: local
bookworm: resolved (fixed in 1.2.1-4); bullseye: resolved (fixed in 1.2.1-4); forky: resolved (fixed in 1.2.1-4); sid: re
debian
CVE-2006-6107 | LOW | CVSS 1.7 | fixed in dbus 1.0.2-1 (bookworm) | 2006
CVE-2006-6107 [LOW] dbus - Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
Scope: local
bookworm: resolved (fixed in 1.0.2-1); bullseye: resolved (fixed in 1.0.2-1); forky: resolved (fixed in 1.0.2-1); sid: resolved (fixed in 1.
debian
CVE-2005-0201 | LOW | CVSS 2.1 | fixed in dbus 0.22 (bookworm) | 2005
CVE-2005-0201 [LOW] dbus - D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
Scope: local
bookworm: resolved (fixed in 0.22); bullseye: resolved (fixed in 0.22); forky: resolved (fixed in 0.22); sid: resolved (fixed in 0.22); trixie:
debian