The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-04-27T17:43:00

Updated: 2024-08-07T05:04:49.402Z

Reserved: 2009-03-31T00:00:00

Link: CVE-2009-1189

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-04-27T18:00:00.267

Modified: 2024-11-21T01:01:52.520

Link: CVE-2009-1189

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-04-16T00:00:00Z

Links: CVE-2009-1189 - Bugzilla