PT-2009-1011 · Freedesktop.Org+1 · D-Bus+1

Vincent Danen · Published 2009-04-27 · Updated 2023-02-13 · CVE-2009-1189

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

D-Bus versions prior to 1.2.14
D-Bus version 1.1.2

Description

The issue is due to incorrect logic used in the _dbus_validate_signature_with_reason function to validate a basic type, allowing remote attackers to spoof a signature via a crafted key. This can lead to disruption of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited locally.

Recommendations

For D-Bus versions prior to 1.2.14, update to version 1.2.14 or later. For D-Bus version 1.1.2, consider upgrading to a newer version or applying available patches to resolve the issue. As a temporary workaround, consider restricting access to the _dbus_validate_signature_with_reason function until a patch is available.

Related Identifiers

BDU:2015-02010
BDU:2015-06720
BDU:2015-06724
BDU:2015-06733
BDU:2015-06736
BDU:2015-08509
BDU:2015-08510
BDU:2015-08511
BDU:2015-08512
CVE-2009-1189
DSA-1837-1
RHSA-2010:0018
RHSA-2010_0018

Affected Products

D-Bus
Red Hat