dbus-1.10.24-15.el7
Errata ID: AXSA:2020-600:03
Release date:
2020/10/06 Tuesday - 12:22
Title:
dbus-1.10.24-15.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- dbus has a symbolic-link handling flaw in the reference implementation of
DBUS_COOKIE_SHA1 in the libdbus library that allows cookie spoofing. A
malicious client with write access to its own home directory could
manipulate ~/.dbus-keyrings to make a DBusServer running under a different
UID read and write unintended locations. In the worst case the DBusServer
reuses a cookie known to the malicious client and treats it as evidence
that a client connection came from an attacker-chosen UID, allowing
authentication bypass. (CVE-2019-12749)
Solution:
Update the packages.
CVE:
CVE-2019-12749
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
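The flaw above comes down to the server trusting a keyring directory that another user could have replaced with a symlink. The following audit script is an added example written for this advisory, not code from the dbus project or from Asianux; it checks the properties a DBUS_COOKIE_SHA1 server depends on (keyring directory and cookie files are real, non-symlink objects owned by the expected uid, directory mode 0700) using lstat so that the check itself never follows a link. The function name and its return format are assumptions of this example.

```python
import os
import stat
from pathlib import Path


def audit_keyring_dir(keyring_dir, expected_uid=None):
    """Return a list of findings; an empty list means the directory looks sane.

    lstat() is used throughout so that a symlink planted at the keyring
    directory or at a cookie file is reported rather than followed.
    """
    findings = []
    if expected_uid is None:
        expected_uid = os.getuid()
    d = Path(keyring_dir)
    try:
        st = os.lstat(d)  # do not follow a symlink at the top level
    except FileNotFoundError:
        return []  # nothing to audit yet: the server creates it on first use
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{d}: keyring directory is a symlink (CVE-2019-12749 pattern)")
        return findings  # following it would be the very bug being checked for
    if not stat.S_ISDIR(st.st_mode):
        findings.append(f"{d}: not a directory")
        return findings
    if st.st_uid != expected_uid:
        findings.append(f"{d}: owned by uid {st.st_uid}, expected {expected_uid}")
    if stat.S_IMODE(st.st_mode) != 0o700:
        findings.append(f"{d}: mode {oct(stat.S_IMODE(st.st_mode))}, expected 0o700")
    # Every cookie file must be a plain, private file of the same user.
    for entry in os.scandir(d):
        est = os.lstat(entry.path)
        if stat.S_ISLNK(est.st_mode):
            findings.append(f"{entry.path}: cookie file is a symlink")
        elif not stat.S_ISREG(est.st_mode):
            findings.append(f"{entry.path}: not a regular file")
        elif est.st_uid != expected_uid:
            findings.append(f"{entry.path}: owned by uid {est.st_uid}, expected {expected_uid}")
        elif stat.S_IMODE(est.st_mode) & 0o077:
            findings.append(f"{entry.path}: readable or writable by other users")
    return findings


if __name__ == "__main__":
    for finding in audit_keyring_dir(Path.home() / ".dbus-keyrings"):
        print(finding)
```

Run it as the user whose keyring is in question; any output is a reason to inspect the home directory before relying on DBUS_COOKIE_SHA1 authentication, and the package update itself remains the fix.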
Additional information:
N/A
Downloads:
SRPMS
- dbus-1.10.24-15.el7.src.rpm
MD5: 3c102df244034d682fb5db44d69f0635
SHA-256: c05853ba9dd59674e30729228008302373be8f88cfe1f64383cebc84de047a1f
Size: 1.96 MB
Asianux Server 7 for x86_64
- dbus-1.10.24-15.el7.x86_64.rpm
MD5: bb75a161d5e3225127e283cb9e57ea7d
SHA-256: 6f663bd5180f64a69de816f7dcb60c508491c66629c9aa1dbf3b2c7329291f2a
Size: 240.48 kB
- dbus-devel-1.10.24-15.el7.x86_64.rpm
MD5: d5b585d15300eee05e2b80f0222b80f7
SHA-256: 1870b2148ed0d03990f41aaf18601b7e0a29c3012ab6e2ff6fa43017edc1a74f
Size: 53.27 kB
- dbus-libs-1.10.24-15.el7.x86_64.rpm
MD5: 5fc73ccd852999614d1414db6768d23f
SHA-256: 49474586805407d60e8cbd63771abc116a51185c98de3accfc6eea39c324f1fa
Size: 168.47 kB
- dbus-x11-1.10.24-15.el7.x86_64.rpm
MD5: b75086661df1c141c06f34a6158f848b
SHA-256: d309c445999b8250359d03e7f8abdea5b297fd9ca4ff2f5e4940455785859c45
Size: 47.05 kB
- dbus-devel-1.10.24-15.el7.i686.rpm
MD5: eb1e35e197d53d1f6295df6cb87feff1
SHA-256: 35215435eb2b3ef65bb2a99e312783b35d4a3b5225959a654c6e918557e6bdcd
Size: 53.30 kB
- dbus-libs-1.10.24-15.el7.i686.rpm
MD5: b3f7692033e242e2de97e19a2751f828
SHA-256: 09d62ccebb179c8700bf7c2c7febdac209a02ad21ea2ee7aec66ebee84d41713
Size: 168.99 kB