D-BUS is a system for sending messages between applications. It is
used both for the systemwide message bus service, and as a
per-user-login-session messaging facility.
Dan Reed discovered that a user can send and listen to messages on another
user’s per-user session bus if they know the address of the socket. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0201 to this issue. In Red Hat Enterprise Linux 4, the
per-user session bus is only used for printing notifications, therefore
this issue would only allow a local user to examine or send additional
print notification messages.
Users of dbus are advised to upgrade to these updated packages,
which contain backported patches to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | dbus-x11 | < 0.22-12.EL.2 | dbus-x11-0.22-12.EL.2.ia64.rpm |
RedHat | any | x86_64 | dbus-python | < 0.22-12.EL.2 | dbus-python-0.22-12.EL.2.x86_64.rpm |
RedHat | any | i386 | dbus | < 0.22-12.EL.2 | dbus-0.22-12.EL.2.i386.rpm |
RedHat | any | i386 | dbus-python | < 0.22-12.EL.2 | dbus-python-0.22-12.EL.2.i386.rpm |
RedHat | any | s390x | dbus-devel | < 0.22-12.EL.2 | dbus-devel-0.22-12.EL.2.s390x.rpm |
RedHat | any | ppc64 | dbus | < 0.22-12.EL.2 | dbus-0.22-12.EL.2.ppc64.rpm |
RedHat | any | i386 | dbus-glib | < 0.22-12.EL.2 | dbus-glib-0.22-12.EL.2.i386.rpm |
RedHat | any | s390 | dbus-glib | < 0.22-12.EL.2 | dbus-glib-0.22-12.EL.2.s390.rpm |
RedHat | any | x86_64 | dbus-glib | < 0.22-12.EL.2 | dbus-glib-0.22-12.EL.2.x86_64.rpm |
RedHat | any | ia64 | dbus-glib | < 0.22-12.EL.2 | dbus-glib-0.22-12.EL.2.ia64.rpm |