The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2009-04-27T17:43:00
Updated: 2024-08-07T05:04:49.402Z
Reserved: 2009-03-31T00:00:00
Link: CVE-2009-1189
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-04-27T18:00:00.267
Modified: 2024-11-21T01:01:52.520
Link: CVE-2009-1189
Redhat