Vulnerability Details : CVE-2008-3834
Public exploit exists!
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2008-3834
- cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus1.1.0:*:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus1.0:rc1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus1.0:rc3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus1.0:rc2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3834
3.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3834
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2008-3834
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3834
-
http://www.securityfocus.com/bid/31602
-
http://www.redhat.com/support/errata/RHSA-2009-0008.html
Support
-
https://bugs.freedesktop.org/show_bug.cgi?id=17803
-
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
openSUSE-SU-2012:1418-1: moderate: update for dbus-1, dbus-1-x11
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
404 Not Found
-
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2008:027 - openSUSE Security Announce - openSUSE Mailing Lists
-
https://www.exploit-db.com/exploits/7822
D-Bus Daemon < 1.2.4 - 'libdbus' Denial of Service - Multiple dos Exploit
-
http://www.debian.org/security/2008/dsa-1658
[SECURITY] [DSA 1658-1] New dbus packages fix denial of service
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
464674 – (CVE-2008-3834) CVE-2008-3834 dbus denial of service
-
http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
dbus
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45701
-
http://www.ubuntu.com/usn/usn-653-1
USN-653-1: D-Bus vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.securitytracker.com/id?1021063
GoDaddy Domain Name Search
-
http://www.vupen.com/english/advisories/2008/2762
Site en construction
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:213
Mandriva
-
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html
[SECURITY] Fedora 9 Update: dbus-1.2.4-1.fc9
Jump to