CVE-2008-3834: Input Validation
First published: Tue Oct 07 2008(Updated: )
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freedesktop D-Bus | <=1.1.4 | |
| Freedesktop D-Bus | =0.1 | |
| Freedesktop D-Bus | =0.2 | |
| Freedesktop D-Bus | =0.3 | |
| Freedesktop D-Bus | =0.4 | |
| Freedesktop D-Bus | =0.5 | |
| Freedesktop D-Bus | =0.6 | |
| Freedesktop D-Bus | =0.7 | |
| Freedesktop D-Bus | =0.8 | |
| Freedesktop D-Bus | =0.9 | |
| Freedesktop D-Bus | =0.10 | |
| Freedesktop D-Bus | =0.11 | |
| Freedesktop D-Bus | =0.12 | |
| Freedesktop D-Bus | =0.13 | |
| Freedesktop D-Bus | =0.20 | |
| Freedesktop D-Bus | =0.21 | |
| Freedesktop D-Bus | =0.22 | |
| Freedesktop D-Bus | =0.23 | |
| Freedesktop D-Bus | =0.23.1 | |
| Freedesktop D-Bus | =0.23.2 | |
| Freedesktop D-Bus | =0.23.3 | |
| Freedesktop D-Bus | =0.31 | |
| Freedesktop D-Bus | =0.32 | |
| Freedesktop D-Bus | =0.33 | |
| Freedesktop D-Bus | =0.34 | |
| Freedesktop D-Bus | =0.35 | |
| Freedesktop D-Bus | =0.35.1 | |
| Freedesktop D-Bus | =0.35.2 | |
| Freedesktop D-Bus | =0.36 | |
| Freedesktop D-Bus | =0.36.1 | |
| Freedesktop D-Bus | =0.36.2 | |
| Freedesktop D-Bus | =0.50 | |
| Freedesktop D-Bus | =0.61 | |
| Freedesktop D-Bus | =0.62 | |
| Freedesktop D-Bus | =0.90 | |
| Freedesktop D-Bus | =0.91 | |
| Freedesktop D-Bus | =0.92 | |
| Freedesktop D-Bus | =1.0.2 | |
| Freedesktop D-Bus | =1.1.1 | |
| Freedesktop D-Bus | =1.1.2 | |
| D-Bus | =rc1 | |
| D-Bus | =rc2 | |
| D-Bus | =rc3 | |
| Freedesktop D-Bus |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
- http://www.securityfocus.com/bid/31602
- http://secunia.com/advisories/32127
- https://bugs.freedesktop.org/show_bug.cgi?id=17803
- http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
- http://www.ubuntu.com/usn/usn-653-1
- http://www.securitytracker.com/id?1021063
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:213
- http://secunia.com/advisories/32281
- http://secunia.com/advisories/32230
- http://www.debian.org/security/2008/dsa-1658
- http://secunia.com/advisories/32385
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html
- http://secunia.com/advisories/33396
- http://www.redhat.com/support/errata/RHSA-2009-0008.html
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://www.vupen.com/english/advisories/2008/2762
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45701
- https://www.exploit-db.com/exploits/7822
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
Frequently Asked Questions
What is the severity of CVE-2008-3834?
CVE-2008-3834 has been classified as a denial of service vulnerability that may lead to application aborts.
How do I fix CVE-2008-3834?
To mitigate CVE-2008-3834, you should upgrade the D-bus library to version 1.2.4 or later.
What causes CVE-2008-3834?
CVE-2008-3834 is caused by the dbus_signature_validate function failing to properly handle malformed signatures.
Which versions are affected by CVE-2008-3834?
CVE-2008-3834 affects D-bus versions prior to 1.2.4, including 0.1 through 1.1.4.
Is CVE-2008-3834 exploitable remotely?
Yes, CVE-2008-3834 can be exploited remotely by sending a message with a malformed signature.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/freedesktop
- canonical/freedesktop d-bus
- version/freedesktop d-bus/1.1.4
- version/freedesktop d-bus/0.1
- version/freedesktop d-bus/0.2
- version/freedesktop d-bus/0.3
- version/freedesktop d-bus/0.4
- version/freedesktop d-bus/0.5
- version/freedesktop d-bus/0.6
- version/freedesktop d-bus/0.7
- version/freedesktop d-bus/0.8
- version/freedesktop d-bus/0.9
- version/freedesktop d-bus/0.10
- version/freedesktop d-bus/0.11
- version/freedesktop d-bus/0.12
- version/freedesktop d-bus/0.13
- version/freedesktop d-bus/0.20
- version/freedesktop d-bus/0.21
- version/freedesktop d-bus/0.22
- version/freedesktop d-bus/0.23
- version/freedesktop d-bus/0.23.1
- version/freedesktop d-bus/0.23.2
- version/freedesktop d-bus/0.23.3
- version/freedesktop d-bus/0.31
- version/freedesktop d-bus/0.32
- version/freedesktop d-bus/0.33
- version/freedesktop d-bus/0.34
- version/freedesktop d-bus/0.35
- version/freedesktop d-bus/0.35.1
- version/freedesktop d-bus/0.35.2
- version/freedesktop d-bus/0.36
- version/freedesktop d-bus/0.36.1
- version/freedesktop d-bus/0.36.2
- version/freedesktop d-bus/0.50
- version/freedesktop d-bus/0.61
- version/freedesktop d-bus/0.62
- version/freedesktop d-bus/0.90
- version/freedesktop d-bus/0.91
- version/freedesktop d-bus/0.92
- version/freedesktop d-bus/1.0.2
- version/freedesktop d-bus/1.1.1
- version/freedesktop d-bus/1.1.2
- canonical/d-bus
- version/d-bus/rc1
- version/d-bus/rc2
- version/d-bus/rc3