94105 – (CVE-2005-0201) VUL-0: CVE-2005-0201: CVE-2005-0201D-BUS leaks messages

Bug 94105 (CVE-2005-0201) - VUL-0: CVE-2005-0201: CVE-2005-0201D-BUS leaks messages

Summary: VUL-0: CVE-2005-0201: CVE-2005-0201D-BUS leaks messages

Status:	RESOLVED INVALID
Duplicates (1):	114043 (view as bug list)

Alias:	CVE-2005-0201

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other All

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Timo Hoenig
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2005-0201: CVSS v2 Base Score: 2....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-06-27 07:52 UTC by Thomas Biege
Modified:	2021-11-08 14:09 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Biege 2005-06-27 07:52:30 UTC

Hi,
this advisory was released by Mandriva:

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           dbus
 Advisory ID:            MDKSA-2005:105
 Date:                   June 24th, 2005

 Affected versions:      10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Dan Reed discovered a vulnerability in the D-BUS system for sending
 messages between applications.  He found that a user can send and
 listen to messages on another user's per-user session bus if they
 knew the address of the socket.

 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0201
 ______________________________________________________________________

 Updated Packages:
 [...]

Comment 1 Thomas Biege 2005-06-27 07:55:05 UTC

CAN-2005-0201

SM-Tracker-1652

Comment 2 Timo Hoenig 2005-06-27 09:07:53 UTC

We're shipping dbus-0.23.4 with 9.3 which is not affected by this vulnerability since the fix is already 
included upstream.

Comment 3 Thomas Biege 2005-06-27 09:09:17 UTC

perfect!

Comment 4 Timo Hoenig 2005-06-27 09:10:05 UTC

Marking as INVALID since we're not affected nor do we ever have shipped a vulnerable version of 
dbus with another distribution than 9.3.

Comment 5 Timo Hoenig 2005-08-30 09:20:49 UTC

*** Bug 114043 has been marked as a duplicate of this bug. ***

Comment 6 Thomas Biege 2009-10-13 21:29:43 UTC

CVE-2005-0201: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)