All the vulnerabilities related to freedesktop - dbus
cve-2008-3834
Vulnerability from cvelistv5
Published
2008-10-07 19:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:53:00.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2008:213", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213" }, { "name": "DSA-1658", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1658" }, { "name": "31602", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31602" }, { "name": "openSUSE-SU-2012:1418", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803" }, { "name": "1021063", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1021063" }, { "name": "dbus-dbusvalidatesignaturewithreason-dos(45701)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701" }, { "name": "7822", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/7822" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834" }, { "name": "32385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32385" }, { "name": "SUSE-SR:2008:027", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "name": "32281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32281" }, 
{ "name": "FEDORA-2008-8764", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" }, { "name": "32230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32230" }, { "name": "oval:org.mitre.oval:def:10253", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "ADV-2008-2762", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2762" }, { "name": "33396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33396" }, { "name": "32127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32127" }, { "name": "RHSA-2009:0008", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html" }, { "name": "USN-653-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-653-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) 
via a message containing a malformed signature, which triggers a failed assertion error." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2008:213", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213" }, { "name": "DSA-1658", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1658" }, { "name": "31602", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31602" }, { "name": "openSUSE-SU-2012:1418", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803" }, { "name": "1021063", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1021063" }, { "name": "dbus-dbusvalidatesignaturewithreason-dos(45701)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701" }, { "name": "7822", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/7822" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834" }, { "name": "32385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32385" }, { "name": "SUSE-SR:2008:027", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "name": "32281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32281" }, { "name": "FEDORA-2008-8764", "tags": [ 
"vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" }, { "name": "32230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32230" }, { "name": "oval:org.mitre.oval:def:10253", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "ADV-2008-2762", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2762" }, { "name": "33396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33396" }, { "name": "32127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32127" }, { "name": "RHSA-2009:0008", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html" }, { "name": "USN-653-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-653-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-3834", "datePublished": "2008-10-07T19:00:00", "dateReserved": "2008-08-27T00:00:00", "dateUpdated": "2024-08-07T09:53:00.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0595
Vulnerability from cvelistv5
Published
2008-02-29 19:00
Modified
2024-08-07 07:54
Severity ?
EPSS score ?
Summary
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:22.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29281" }, { "name": "ADV-2008-0694", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0694" }, { "name": "RHSA-2008:0159", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html" }, { "name": "openSUSE-SU-2012:1418", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "name": "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html" }, { "name": "29160", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29160" }, { "name": "29148", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29148" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/" }, { "name": "FEDORA-2008-2043", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html" }, { "name": "29173", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29173" }, { "name": "MDVSA-2008:054", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:054" }, { "name": "29171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29171" }, { "name": "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099" }, { "name": "oval:org.mitre.oval:def:9353", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353" }, { "name": "1019512", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019512" }, { "name": "SUSE-SR:2008:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "name": "32281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32281" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099" }, { "name": "FEDORA-2008-2070", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html" }, { "name": "DSA-1599", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1599" }, { "name": "29323", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29323" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2282" }, { "name": "30869", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30869" }, { "name": "28023", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28023" }, { "name": "USN-653-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-653-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "29281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29281" }, { "name": "ADV-2008-0694", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0694" }, { "name": "RHSA-2008:0159", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html" }, { "name": "openSUSE-SU-2012:1418", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "name": "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html" }, { "name": "29160", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29160" }, { "name": "29148", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29148" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/" }, { "name": "FEDORA-2008-2043", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html" }, { "name": "29173", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29173" }, { "name": "MDVSA-2008:054", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054" }, { "name": "29171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29171" }, { "name": "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099" }, { "name": "oval:org.mitre.oval:def:9353", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353" }, { "name": "1019512", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019512" }, { "name": "SUSE-SR:2008:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "name": "32281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32281" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099" }, { "name": "FEDORA-2008-2070", "tags": [ 
"vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html" }, { "name": "DSA-1599", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1599" }, { "name": "29323", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29323" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2282" }, { "name": "30869", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30869" }, { "name": "28023", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28023" }, { "name": "USN-653-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-653-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-0595", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29281", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29281" }, { "name": "ADV-2008-0694", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0694" }, { "name": "RHSA-2008:0159", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html" }, { "name": "openSUSE-SU-2012:1418", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "name": "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html" }, { "name": "29160", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29160" }, { "name": "29148", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29148" }, { "name": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/", "refsource": "CONFIRM", "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/" }, { "name": "FEDORA-2008-2043", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html" }, { "name": "29173", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29173" }, { "name": "MDVSA-2008:054", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054" }, { "name": "29171", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29171" }, { "name": "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099" }, { "name": 
"oval:org.mitre.oval:def:9353", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353" }, { "name": "1019512", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019512" }, { "name": "SUSE-SR:2008:006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "name": "32281", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32281" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0099", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099" }, { "name": "FEDORA-2008-2070", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html" }, { "name": "DSA-1599", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1599" }, { "name": "29323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29323" }, { "name": "https://issues.rpath.com/browse/RPL-2282", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2282" }, { "name": "30869", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30869" }, { "name": "28023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28023" }, { "name": "USN-653-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-653-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-0595", "datePublished": "2008-02-29T19:00:00", "dateReserved": "2008-02-05T00:00:00", "dateUpdated": "2024-08-07T07:54:22.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0245
Vulnerability from cvelistv5
Published
2015-02-13 15:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
References
URL | Tags | |
---|---|---|
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html | vendor-advisory, x_refsource_SUSE | |
http://www.debian.org/security/2015/dsa-3161 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2015/02/09/6 | mailing-list, x_refsource_MLIST | |
http://advisories.mageia.org/MGASA-2015-0071.html | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:03:10.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "openSUSE-SU-2015:0300", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html" }, { "name": "DSA-3161", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3161" }, { "name": "[oss-security] 20150209 CVE-2015-0245: denial of service in dbus \u003e= 1.4 systemd activation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2015-0071.html" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-09T00:00:00", "descriptions": [ { "lang": "en", "value": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-16T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "openSUSE-SU-2015:0300", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html" }, { "name": "DSA-3161", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3161" }, { "name": "[oss-security] 20150209 CVE-2015-0245: denial of service in dbus \u003e= 1.4 systemd activation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2015-0071.html" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0245", "datePublished": "2015-02-13T15:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-7824
Vulnerability from cvelistv5
Published
2014-11-18 15:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2014/11/10/2 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/62603 | third-party-advisory, x_refsource_SECUNIA | |
http://advisories.mageia.org/MGASA-2014-0457.html | x_refsource_CONFIRM | |
https://bugs.freedesktop.org/show_bug.cgi?id=85105 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/98576 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/71012 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-2425-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2014/dsa-3099 | vendor-advisory, x_refsource_DEBIAN | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:03:27.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "name": "62603", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62603" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "name": "dbus-cve20147824-dos(98576)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" }, { "name": "71012", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71012" }, { "name": "USN-2425-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "name": "DSA-3099", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3099" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection 
drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "name": "62603", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62603" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "name": "dbus-cve20147824-dos(98576)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" }, { "name": "71012", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71012" }, { "name": "USN-2425-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "name": "DSA-3099", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3099" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-7824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "name": "62603", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62603" }, { "name": "http://advisories.mageia.org/MGASA-2014-0457.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=85105", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "name": "dbus-cve20147824-dos(98576)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" }, { "name": "71012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71012" }, { "name": "USN-2425-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "name": "DSA-3099", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3099" }, { "name": "MDVSA-2015:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-7824", "datePublished": "2014-11-18T15:00:00", "dateReserved": "2014-10-03T00:00:00", "dateUpdated": "2024-08-06T13:03:27.015Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42012
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417" }, { "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42012", "datePublished": "2022-10-09T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T12:56:39.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12049
Vulnerability from cvelistv5
Published
2020-06-08 00:00
Modified
2024-08-04 11:48
Summary
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30" }, { "name": "USN-4398-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4398-1/" }, { "name": "USN-4398-2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4398-2/" }, { "name": "GLSA-202007-46", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-46" }, { "tags": [ "x_transferred" ], "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in dbus \u003e= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service\u0027s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294" }, { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16" }, { "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3" }, { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18" }, { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30" }, { "name": "USN-4398-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4398-1/" }, { "name": "USN-4398-2", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4398-2/" }, { "name": "GLSA-202007-46", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202007-46" }, { "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak" }, { "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12049", "datePublished": "2020-06-08T00:00:00", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35512
Vulnerability from cvelistv5
Published
2021-02-15 16:08
Modified
2024-11-19 15:32
Summary
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free heap memory that is still used by data structures needed for the other usernames sharing the UID, possibly leading to a crash or other undefined behavior.
References
URL | Tags |
---|---|
https://bugs.gentoo.org/755392 | x_refsource_MISC |
https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128 | x_refsource_MISC |
https://bugzilla.redhat.com/show_bug.cgi?id=1909101 | x_refsource_MISC |
https://security-tracker.debian.org/tracker/CVE-2020-35512 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | D-Bus Development branch | <= 1.13.16 (Fixed: >= 1.13.18) |
n/a | dbus-1.12.x stable branch | <= 1.12.18 (Fixed: >= 1.12.20) |
n/a | dbus-1.10.x and older branches (EOL) | <= 1.10.30 (Fixed: 1.10.32) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:02:08.036Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/755392" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-35512", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T15:31:25.634957Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T15:32:44.371Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "D-Bus Development branch", "vendor": "n/a", "versions": [ { "status": "affected", "version": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)" } ] }, { "product": "dbus-1.12.x stable branch", "vendor": "n/a", "versions": [ { "status": "affected", "version": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)" } ] }, { "product": "dbus-1.10.x and older branches (EOL)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "\u003c= 1.10.30 (Fixed: 1.10.32)" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors" } ], "problemTypes": [ { "descriptions": [ { "description": "Use-After-Free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-08T20:46:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/755392" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-35512", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "D-Bus Development branch", "version": { "version_data": [ { "version_value": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)" } ] } }, { "product_name": "dbus-1.12.x stable branch", "version": { "version_data": [ { "version_value": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)" } ] } }, { "product_name": "dbus-1.10.x and older branches (EOL)", "version": { "version_data": [ { "version_value": "\u003c= 1.10.30 (Fixed: 1.10.32)" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use-After-Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.gentoo.org/755392", "refsource": "MISC", "url": "https://bugs.gentoo.org/755392" }, { "name": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2020-35512", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-35512", "datePublished": "2021-02-15T16:08:39", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-11-19T15:32:44.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3477
Vulnerability from cvelistv5
Published
2014-07-01 17:00
Modified
2024-08-06 10:43
Summary
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "67986", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67986" }, { "name": "openSUSE-SU-2014:0874", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html" }, { "name": "[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/509" }, { "name": "openSUSE-SU-2014:0821", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0266.html" }, { "name": "59428", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567" }, { "name": "DSA-2971", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": 
"http://www.debian.org/security/2014/dsa-2971" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-13T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "59798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "67986", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67986" }, { "name": "openSUSE-SU-2014:0874", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html" }, { "name": "[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/509" }, { 
"name": "openSUSE-SU-2014:0821", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0266.html" }, { "name": "59428", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567" }, { "name": "DSA-2971", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59798", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "67986", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67986" }, { "name": "openSUSE-SU-2014:0874", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html" }, { "name": "[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/509" }, { "name": "openSUSE-SU-2014:0821", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html" }, { "name": "http://advisories.mageia.org/MGASA-2014-0266.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0266.html" }, { "name": "59428", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59428" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=78979", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979" }, { "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", "refsource": "CONFIRM", "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567" }, { "name": "DSA-2971", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "name": "MDVSA-2015:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": 
"CVE-2014-3477", "datePublished": "2014-07-01T17:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42011
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413" }, { "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42011", "datePublished": "2022-10-09T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T12:56:39.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34969
Vulnerability from cvelistv5
Published
2023-06-08 00:00
Modified
2024-08-02 16:17
Summary
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:17:04.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457" }, { "name": "FEDORA-2023-d22162d9ba", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/" }, { "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231208-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-08T19:06:18.886572", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457" }, { "name": "FEDORA-2023-d22162d9ba", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/" }, { "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231208-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-34969", "datePublished": "2023-06-08T00:00:00", "dateReserved": "2023-06-08T00:00:00", "dateUpdated": "2024-08-02T16:17:04.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2168
Vulnerability from cvelistv5
Published
2013-07-03 18:00
Modified
2024-08-06 15:27
Summary
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:41.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2707", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2707" }, { "name": "FEDORA-2013-11142", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "MDVSA-2013:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177" }, { "name": "openSUSE-SU-2013:1118", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html" }, { "name": "53317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53317" }, { "name": "FEDORA-2013-11198", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109" }, { "name": "oval:org.mitre.oval:def:16881", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881" }, { "name": "1028667", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028667" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7" }, { "name": "USN-1874-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1874-1" }, { "name": "[oss-security] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2" }, { "name": "53832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53832" }, { "name": "[dbus] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html" }, { "name": "60546", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/60546" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2707", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2707" }, { "name": "FEDORA-2013-11142", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "MDVSA-2013:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177" }, { "name": "openSUSE-SU-2013:1118", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html" }, { "name": "53317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53317" }, { "name": "FEDORA-2013-11198", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109" }, { "name": "oval:org.mitre.oval:def:16881", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881" }, { "name": "1028667", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028667" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7" }, { "name": "USN-1874-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], 
"url": "http://www.ubuntu.com/usn/USN-1874-1" }, { "name": "[oss-security] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2" }, { "name": "53832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53832" }, { "name": "[dbus] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html" }, { "name": "60546", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/60546" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2168", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2707", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2707" }, { "name": "FEDORA-2013-11142", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html" }, { "name": "openSUSE-SU-2014:1239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "MDVSA-2013:177", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177" }, { "name": "openSUSE-SU-2013:1118", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html" }, { "name": "53317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53317" }, { "name": "FEDORA-2013-11198", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=974109", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109" }, { "name": "oval:org.mitre.oval:def:16881", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881" }, { "name": "1028667", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028667" }, { "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7", "refsource": "CONFIRM", "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7" }, { "name": "USN-1874-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1874-1" }, { "name": "[oss-security] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2" }, { "name": 
"53832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53832" }, { "name": "[dbus] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html" }, { "name": "60546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60546" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2168", "datePublished": "2013-07-03T18:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:41.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2200
Vulnerability from cvelistv5
Published
2011-06-22 22:00
Modified
2024-08-06 22:53
Summary
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:17.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/06/13/12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4" }, { "name": "[dbus] 20110530 D-Bus daemon big and little endian issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html" }, { "name": "RHSA-2011:1132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html" }, { "name": "dbus-nonnative-dos(67974)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "name": "44896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44896" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676" }, { "name": "[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"http://openwall.com/lists/oss-security/2011/06/12/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7" }, { "name": "[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/06/12/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938" }, { "name": "[dbus] 20070317 D-Bus daemon endianness issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/06/13/12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4" }, { "name": "[dbus] 20110530 D-Bus daemon big and little endian issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html" }, { "name": "RHSA-2011:1132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html" }, { "name": "dbus-nonnative-dos(67974)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "name": "44896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44896" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676" }, { "name": "[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/06/12/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7" }, { "name": "[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/06/12/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938" }, { "name": "[dbus] 20070317 D-Bus daemon endianness issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/06/13/12" }, { "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e", "refsource": "CONFIRM", "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e" }, { "name": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4", "refsource": "CONFIRM", "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4" }, { "name": "[dbus] 20110530 D-Bus daemon big and little endian issue", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html" }, { "name": "RHSA-2011:1132", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html" }, { "name": "dbus-nonnative-dos(67974)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=38120", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120" }, { "name": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2", "refsource": "CONFIRM", "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "name": "44896", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44896" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=712676", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676" }, { "name": "[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/06/12/1" }, { "name": 
"http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7", "refsource": "CONFIRM", "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7" }, { "name": "[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/06/12/2" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938" }, { "name": "[dbus] 20070317 D-Bus daemon endianness issue", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2200", "datePublished": "2011-06-22T22:00:00", "dateReserved": "2011-05-31T00:00:00", "dateUpdated": "2024-08-06T22:53:17.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42010
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418" }, { "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42010", "datePublished": "2022-10-09T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T12:56:39.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3635
Vulnerability from cvelistv5
Published
2014-09-22 15:00
Modified
2024-08-06 10:50
Summary
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
References
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2352-1 | vendor-advisory, x_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html | vendor-advisory, x_refsource_SUSE |
| https://bugs.freedesktop.org/show_bug.cgi?id=83622 | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/61378 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2014/09/16/9 | mailing-list, x_refsource_MLIST |
| http://www.securitytracker.com/id/1030864 | vdb-entry, x_refsource_SECTRACK |
| http://advisories.mageia.org/MGASA-2014-0395.html | x_refsource_CONFIRM |
| http://www.debian.org/security/2014/dsa-3026 | vendor-advisory, x_refsource_DEBIAN |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030864" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in D-Bus 1.3.0 
through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-16T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030864" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } 
}, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3635", "datePublished": "2014-09-22T15:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-12749
Vulnerability from cvelistv5
Published
2019-06-11 16:11
Modified
2024-12-06 13:09
Summary
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-12-06T13:09:22.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "name": "USN-4015-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4015-1/" }, { "name": "USN-4015-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4015-2/" }, { "name": "DSA-4462", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4462" }, { "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/16" }, { "name": "108751", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108751" }, { "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html" }, { "name": "FEDORA-2019-d5ded5326b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/" }, { "name": "openSUSE-SU-2019:1604", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html" }, { "name": "openSUSE-SU-2019:1671", "tags": 
[ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html" }, { "name": "RHSA-2019:1726", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1726" }, { "name": "openSUSE-SU-2019:1750", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html" }, { "name": "GLSA-201909-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-08" }, { "name": "RHSA-2019:2868", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2868" }, { "name": "RHSA-2019:2870", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2870" }, { "name": "RHSA-2019:3707", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3707" }, { "url": "https://security.netapp.com/advisory/ntap-20241206-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. 
In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-06T00:07:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "name": "USN-4015-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4015-1/" }, { "name": "USN-4015-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4015-2/" }, { "name": "DSA-4462", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4462" }, { "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/16" }, { "name": "108751", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108751" }, { "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html" }, { "name": "FEDORA-2019-d5ded5326b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/" }, { "name": "openSUSE-SU-2019:1604", "tags": [ 
"vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html" }, { "name": "openSUSE-SU-2019:1671", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html" }, { "name": "RHSA-2019:1726", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1726" }, { "name": "openSUSE-SU-2019:1750", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html" }, { "name": "GLSA-201909-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-08" }, { "name": "RHSA-2019:2868", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2868" }, { "name": "RHSA-2019:2870", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2870" }, { "name": "RHSA-2019:3707", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3707" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12749", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) 
A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2019/06/11/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "name": "USN-4015-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4015-1/" }, { "name": "USN-4015-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4015-2/" }, { "name": "DSA-4462", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4462" }, { "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/16" }, { "name": "108751", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108751" }, { "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html" }, { "name": "FEDORA-2019-d5ded5326b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/" }, { "name": "openSUSE-SU-2019:1604", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html" }, { 
"name": "openSUSE-SU-2019:1671", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html" }, { "name": "RHSA-2019:1726", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1726" }, { "name": "openSUSE-SU-2019:1750", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html" }, { "name": "GLSA-201909-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-08" }, { "name": "RHSA-2019:2868", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2868" }, { "name": "RHSA-2019:2870", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2870" }, { "name": "RHSA-2019:3707", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3707" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12749", "datePublished": "2019-06-11T16:11:45", "dateReserved": "2019-06-06T00:00:00", "dateUpdated": "2024-12-06T13:09:22.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3638
Vulnerability from cvelistv5
Published
2014-09-22 15:00
Modified
2024-08-06 10:50
Summary
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
References
URL | Tags | |
---|---|---|
http://www.ubuntu.com/usn/USN-2352-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/61378 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2014/09/16/9 | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id/1030864 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/61431 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.freedesktop.org/show_bug.cgi?id=81053 | x_refsource_CONFIRM | |
http://advisories.mageia.org/MGASA-2014-0395.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-3026 | vendor-advisory, x_refsource_DEBIAN | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "SUSE-SU-2014:1146", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030864" }, { "name": "61431", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61431" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": 
"n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-04T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "SUSE-SU-2014:1146", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030864" }, { "name": "61431", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61431" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { 
"name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3638", "datePublished": "2014-09-22T15:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3639
Vulnerability from cvelistv5
Published
2014-09-22 15:00
Modified
2024-08-06 10:50
Summary
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
References
URL | Tags | |
---|---|---|
http://www.ubuntu.com/usn/USN-2352-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/61378 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2014/09/16/9 | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id/1030864 | vdb-entry, x_refsource_SECTRACK | |
https://bugs.freedesktop.org/show_bug.cgi?id=80919 | x_refsource_CONFIRM | |
http://secunia.com/advisories/61431 | third-party-advisory, x_refsource_SECUNIA | |
http://advisories.mageia.org/MGASA-2014-0395.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-3026 | vendor-advisory, x_refsource_DEBIAN | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.243Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "SUSE-SU-2014:1146", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030864" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919" }, { "name": "61431", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61431" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": 
"n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-04T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "SUSE-SU-2014:1146", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030864" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919" }, { "name": "61431", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61431" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3639", "datePublished": "2014-09-22T15:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3532
Vulnerability from cvelistv5
Published
2014-07-19 19:00
Modified
2024-08-06 10:50
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/59798 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/59611 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/60236 | third-party-advisory, x_refsource_SECUNIA | |
http://advisories.mageia.org/MGASA-2014-0294.html | x_refsource_CONFIRM | |
https://bugs.freedesktop.org/show_bug.cgi?id=80163 | x_refsource_CONFIRM | |
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-2971 | vendor-advisory, x_refsource_DEBIAN | |
http://openwall.com/lists/oss-security/2014/07/02/4 | mailing-list, x_refsource_MLIST | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:16.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "dbus 1.3.0 before 1.6.22 
and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-12T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "59798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"secalert@redhat.com", "ID": "CVE-2014-3532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59798", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60236" }, { "name": "http://advisories.mageia.org/MGASA-2014-0294.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=80163", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", 
"refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3532", "datePublished": "2014-07-19T19:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:16.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2533
Vulnerability from cvelistv5
Published
2011-06-22 23:00
Modified
2024-08-06 23:08
Summary
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
References
URL | Tags | |
---|---|---|
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/68173 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1025720 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:22.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "name": "dbus-configure-symlink(68173)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173" }, { "name": "1025720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025720" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "name": "dbus-configure-symlink(68173)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173" }, { "name": "1025720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025720" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2533", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2", "refsource": "CONFIRM", "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "name": "dbus-configure-symlink(68173)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173" }, { "name": "1025720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025720" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2533", "datePublished": "2011-06-22T23:00:00", "dateReserved": "2011-06-22T00:00:00", "dateUpdated": "2024-08-06T23:08:22.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4311
Vulnerability from cvelistv5
Published
2008-12-10 00:00
Modified
2024-08-07 10:08
Summary
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:08:35.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229" }, { "name": "33047", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33047" }, { "name": "openSUSE-SU-2012:1418", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "name": "dbus-sendreceive-security-bypass(47138)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138" }, { "name": "34642", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34642" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895" }, { "name": "ADV-2008-3355", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3355" }, { "name": "SUSE-SR:2009:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" }, { "name": "FEDORA-2008-10907", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html" }, { "name": "33055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.fedoraforum.org/showthread.php?t=206797" }, { "name": 
"34360", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34360" }, { "name": "[dbus] 20081205 [CVE-2008-4311] DBus 1.2.6", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html" }, { "name": "SUSE-SR:2009:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "name": "32674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32674" }, { "name": "SUSE-SA:2009:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229" }, { "name": "33047", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33047" }, { "name": "openSUSE-SU-2012:1418", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "name": "dbus-sendreceive-security-bypass(47138)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138" }, { "name": "34642", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34642" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895" }, { "name": "ADV-2008-3355", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3355" }, { "name": "SUSE-SR:2009:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" }, { "name": "FEDORA-2008-10907", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html" }, { "name": "33055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.fedoraforum.org/showthread.php?t=206797" }, { "name": "34360", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34360" }, { "name": "[dbus] 
20081205 [CVE-2008-4311] DBus 1.2.6", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html" }, { "name": "SUSE-SR:2009:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "name": "32674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32674" }, { "name": "SUSE-SA:2009:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-4311", "datePublished": "2008-12-10T00:00:00", "dateReserved": "2008-09-29T00:00:00", "dateUpdated": "2024-08-07T10:08:35.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1189
Vulnerability from cvelistv5
Published
2009-04-27 17:43
Modified
2024-08-07 05:04
Summary
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13" }, { "name": "dbus-dbusmarshalvalidate-spoofing(50385)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803" }, { "name": "31602", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31602" }, { "name": "38794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "USN-799-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/799-1/" }, { "name": "35810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35810" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" }, { "name": "oval:org.mitre.oval:def:10308", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "32127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32127" }, { "name": "ADV-2010-0528", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0528" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13" }, { "name": "dbus-dbusmarshalvalidate-spoofing(50385)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803" }, { "name": "31602", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31602" }, { "name": "38794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "USN-799-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/799-1/" }, { "name": "35810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35810" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" }, { "name": "oval:org.mitre.oval:def:10308", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "32127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32127" }, { "name": "ADV-2010-0528", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0528" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1189", "datePublished": "2009-04-27T17:43:00", "dateReserved": "2009-03-31T00:00:00", "dateUpdated": "2024-08-07T05:04:49.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3636
Vulnerability from cvelistv5
Published
2014-10-25 20:00
Modified
2024-10-17 18:03
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
References
URL | Tags | |
---|---|---|
http://www.ubuntu.com/usn/USN-2352-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/61378 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2014/09/16/9 | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id/1030864 | vdb-entry, x_refsource_SECTRACK | |
https://bugs.freedesktop.org/show_bug.cgi?id=82820 | x_refsource_CONFIRM | |
http://advisories.mageia.org/MGASA-2014-0395.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-3026 | vendor-advisory, x_refsource_DEBIAN | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030864" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2014-3636", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T17:04:09.265575Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T18:03:39.167Z", "orgId": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-05-14T16:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030864" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": 
"http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3636", "datePublished": "2014-10-25T20:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-10-17T18:03:39.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3637
Vulnerability from cvelistv5
Published
2014-09-22 15:00
Modified
2024-08-06 10:50
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
References
URL | Tags | |
---|---|---|
http://www.ubuntu.com/usn/USN-2352-1 | vendor-advisory, x_refsource_UBUNTU | |
https://bugs.freedesktop.org/show_bug.cgi?id=80559 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/61378 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2014/09/16/9 | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id/1030864 | vdb-entry, x_refsource_SECTRACK | |
http://advisories.mageia.org/MGASA-2014-0395.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-3026 | vendor-advisory, x_refsource_DEBIAN | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.openwall.com/lists/oss-security/2019/06/24/13 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2019/06/24/14 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030864" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13" }, { "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"http://www.openwall.com/lists/oss-security/2019/06/24/14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-25T02:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-2352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "61378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61378" }, { "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "name": "1030864", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030864" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "name": "DSA-3026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3026" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13" }, { "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3637", "datePublished": "2014-09-22T15:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3533
Vulnerability from cvelistv5
Published
2014-07-19 19:00
Modified
2024-08-06 10:50
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/59798 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/59611 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/60236 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.freedesktop.org/show_bug.cgi?id=80469 | x_refsource_CONFIRM | |
http://advisories.mageia.org/MGASA-2014-0294.html | x_refsource_CONFIRM | |
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-2971 | vendor-advisory, x_refsource_DEBIAN | |
https://bugs.freedesktop.org/show_bug.cgi?id=79694 | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2014/07/02/4 | mailing-list, x_refsource_MLIST | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:16.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" 
} ] } ], "datePublic": "2014-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-12T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "59798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3533", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59798", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60236" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=80469", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" }, { "name": "http://advisories.mageia.org/MGASA-2014-0294.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=79694", "refsource": 
"CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3533", "datePublished": "2014-07-19T19:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:16.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2014-07-19 19:55
Modified
2024-11-21 02:08
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 7.0 | |
freedesktop | dbus | 1.3.0 | |
freedesktop | dbus | 1.3.1 | |
freedesktop | dbus | 1.4.0 | |
freedesktop | dbus | 1.4.1 | |
freedesktop | dbus | 1.4.4 | |
freedesktop | dbus | 1.4.6 | |
freedesktop | dbus | 1.4.8 | |
freedesktop | dbus | 1.4.10 | |
freedesktop | dbus | 1.4.12 | |
freedesktop | dbus | 1.4.14 | |
freedesktop | dbus | 1.4.16 | |
freedesktop | dbus | 1.4.18 | |
freedesktop | dbus | 1.4.20 | |
freedesktop | dbus | 1.4.22 | |
freedesktop | dbus | 1.4.24 | |
freedesktop | dbus | 1.4.26 | |
freedesktop | dbus | 1.5.0 | |
freedesktop | dbus | 1.5.2 | |
freedesktop | dbus | 1.5.4 | |
freedesktop | dbus | 1.5.6 | |
freedesktop | dbus | 1.5.8 | |
freedesktop | dbus | 1.5.10 | |
freedesktop | dbus | 1.5.12 | |
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.12 | |
freedesktop | dbus | 1.6.14 | |
freedesktop | dbus | 1.6.16 | |
freedesktop | dbus | 1.6.18 | |
freedesktop | dbus | 1.6.20 | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "96B154C1-28B1-4C8F-8D18-9A015CE81C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "357042A5-6CB3-44FD-AFAA-F626BBBA6747", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "0FB75B1D-CB6D-4152-B4F2-C24A6E6F830B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E5358-8466-4D3A-8AE4-3EE55700140D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B175C3A-44FC-4069-99F4-CFF78DAF6C60", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "36C6830D-92D2-49EC-BD13-BA7EE7720E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "3E33E9B8-4543-46D0-837B-DCCAC25C47E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "831CFD41-47B0-4920-B118-7AD2CAFBFA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of 
service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor." }, { "lang": "es", "value": "dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6 permite a usuarios locales causar una denegaci\u00f3n de servicio (desconexi\u00f3n) a trav\u00e9s de cierta secuencias de mensajes manipulados que causan que el demonio de dbus reenv\u00ede un mensaje que contiene un descriptor de ficheros inv\u00e1lido." } ], "id": "CVE-2014-3533", "lastModified": "2024-11-21T02:08:19.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-19T19:55:08.013", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59611" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59798" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60236" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "secalert@redhat.com", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-25 20:55
Modified
2024-11-21 02:08
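Severity: LOW (CVSS v2 base score 1.9, vector AV:L/AC:M/Au:N/C:N/I:N/A:P, as scored by nvd@nist.gov in the record for CVE-2014-3636 below)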
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
d-bus_project | d-bus | * (all versions up to and including 1.6.22) | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
freedesktop | dbus | 1.8.6 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441", "versionEndIncluding": "1.6.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call." 
}, { "lang": "es", "value": "D-Bus 1.3.0 hasta 1.6.x anterior a 1.6.24 y 1.8.x anterior a 1.8.8 permite a usuarios locales (1) causar una denegaci\u00f3n de servicio (prevenci\u00f3n de conexiones nuevas y ca\u00edda de conexi\u00f3n) mediante la creaci\u00f3n de una cola del m\u00e1ximo n\u00famero de descriptores de ficheros o (2) causar una denegaci\u00f3n de servicio (desconexi\u00f3n) a trav\u00e9s de m\u00faltiples mensajes que combinan para tener m\u00e1s que el n\u00famero permitido de descriptores de ficheros para una llamada \u00fanica a sendmsg." } ], "id": "CVE-2014-3636", "lastModified": "2024-11-21T02:08:33.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-25T20:55:07.973", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61378" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "secalert@redhat.com", "url": 
"http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2024-11-21 02:08
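Severity: LOW (CVSS v2 base score 2.1, vector AV:L/AC:L/Au:N/C:N/I:N/A:P, as scored by nvd@nist.gov in the record for CVE-2014-3637 below)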
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-Bus message containing a D-Bus connection file descriptor.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | 1.3.0 | |
freedesktop | dbus | 1.3.1 | |
freedesktop | dbus | 1.4.0 | |
freedesktop | dbus | 1.4.1 | |
freedesktop | dbus | 1.4.4 | |
freedesktop | dbus | 1.4.6 | |
freedesktop | dbus | 1.4.8 | |
freedesktop | dbus | 1.4.10 | |
freedesktop | dbus | 1.4.12 | |
freedesktop | dbus | 1.4.14 | |
freedesktop | dbus | 1.4.16 | |
freedesktop | dbus | 1.4.18 | |
freedesktop | dbus | 1.4.20 | |
freedesktop | dbus | 1.4.22 | |
freedesktop | dbus | 1.4.24 | |
freedesktop | dbus | 1.4.26 | |
freedesktop | dbus | 1.5.0 | |
freedesktop | dbus | 1.5.2 | |
freedesktop | dbus | 1.5.4 | |
freedesktop | dbus | 1.5.6 | |
freedesktop | dbus | 1.5.8 | |
freedesktop | dbus | 1.5.10 | |
freedesktop | dbus | 1.5.12 | |
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.4 | |
freedesktop | dbus | 1.6.6 | |
freedesktop | dbus | 1.6.8 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.12 | |
freedesktop | dbus | 1.6.14 | |
freedesktop | dbus | 1.6.16 | |
freedesktop | dbus | 1.6.18 | |
freedesktop | dbus | 1.6.20 | |
freedesktop | dbus | 1.6.22 | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
freedesktop | dbus | 1.8.6 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "96B154C1-28B1-4C8F-8D18-9A015CE81C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "357042A5-6CB3-44FD-AFAA-F626BBBA6747", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "0FB75B1D-CB6D-4152-B4F2-C24A6E6F830B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E5358-8466-4D3A-8AE4-3EE55700140D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B175C3A-44FC-4069-99F4-CFF78DAF6C60", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "36C6830D-92D2-49EC-BD13-BA7EE7720E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "3E33E9B8-4543-46D0-837B-DCCAC25C47E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "831CFD41-47B0-4920-B118-7AD2CAFBFA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "1A1D15D9-89A1-4742-8613-4CFF215525DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": 
false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor." }, { "lang": "es", "value": "D-Bus 1.3.0 hasta 1.6.x anterior a 1.6.24 y 1.8.x anterior a 1.8.8 no cierra correctamente las conexiones para procesos que hayan terminado, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio a trav\u00e9s de un mensaje D-bus que contiene un descriptor de ficheros de conexiones D-Bus." } ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/775.html\"\u003eCWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime\u003c/a\u003e", "id": "CVE-2014-3637", "lastModified": "2024-11-21T02:08:33.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-22T15:55:08.030", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61378" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "secalert@redhat.com", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559" } ], "sourceIdentifier": 
"secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-17" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-10 00:30
Modified
2024-11-21 00:51
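Severity: MEDIUM (CVSS v2 base score 4.6, vector AV:L/AC:L/Au:N/C:P/I:P/A:P, as scored by nvd@nist.gov in the record for CVE-2008-4311 below)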
Summary
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA717BEA-178B-462B-A6D7-D355366F5A2C", "versionEndIncluding": "1.2.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A2945FB-BDB8-49B7-BA9A-2BB390345FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FE08E05-948A-4A9C-BA91-B2935355D3CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB0A3D5A-8823-4365-83B9-1E370C131F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6262F9B-30B5-4A7E-AC49-B9221B06CA4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C2F4A579-8F26-47CF-9AE0-41334A9751AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E12E1141-5FE4-43BF-B3A0-DC45C593F880", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B04817C0-14A2-4B75-8747-691D48E70BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "09C8C79E-AE58-48AE-89DB-E84637543783", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "ED4ECF06-79CC-4142-BE6A-AF4E1E981543", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A87CC329-AF59-4882-82E1-851C4E0BB0B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA4ACC-9166-491C-A8D4-A5418F3B0965", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "084A8212-B0FC-41BA-9532-080E8F92B949", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0EB88CDF-0C71-4FE7-9210-C43EBE806416", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*", "matchCriteriaId": "0D84E94E-18EB-4276-AF55-2FB9850B08CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "0C6D0AAC-7F4B-48FF-9ACB-8C8844BDD722", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "5FD40B16-FF56-4C23-B8A9-D79433713F35", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*", "matchCriteriaId": "C5A81FE8-37A0-46CE-AAA4-F00CF4122C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8815B87-7910-4E41-AB28-AEAD9F53475A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "DCEF7E9B-3F19-48CF-862B-B5935824A4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB32F7B-8616-40F5-8D94-4FC97F6AD958", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "4EC42FAD-C541-4D91-BDF6-62AA1C894B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*", "matchCriteriaId": "FAECF21B-68AF-47D8-9540-BB0001087881", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*", "matchCriteriaId": "30D0DE09-5F83-423B-AD86-033005D35994", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D6618ACC-B506-4A92-BE4F-346FAC29D24F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*", "matchCriteriaId": "BB406736-7185-4E0A-ACC6-4F79AB312FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "18867CA7-E4AE-4312-A6E8-0CC514FCF063", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C443F3D-5BD0-4E89-99F1-1BC0798666F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*", "matchCriteriaId": "2DA75AB4-4ADF-4E42-8840-B044DC4D9FFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "D809A431-7BA6-4C9F-8644-33A14389B289", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "732CD552-3E19-4389-B426-77D5B473866F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*", "matchCriteriaId": "1702AE33-38F4-40C5-B448-C863A7E95553", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "3801D383-91A6-4F2F-87D5-32882005BF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*", "matchCriteriaId": "2392266A-BE81-4494-81C3-942ED56B0558", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*", "matchCriteriaId": "BCCA6868-E09D-4616-A9A8-EF63F20C981D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "60B6DA02-F08B-4ACE-8F93-F869467BC628", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "3B4E7E9B-722E-4EE1-A435-906DE07BEB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "BEF4902A-5598-42B7-8BB0-E9F8AB645D59", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DEF0BA7-4EE6-482A-BFE4-A159A7C329AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E93056D8-497A-4C08-B3FA-8372A92A6ACA", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"0380A55A-541E-450B-8092-280BD5DA736D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C55E6EEB-A408-45F5-AF95-37DBDEBA17EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C9908FE-6B10-41BF-ADE2-1639CAC1340E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA34903A-9D38-46FF-B702-D6BEECA96031", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "39753912-8A2D-49B0-B90B-43DAF723B34A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "11FF206A-8E96-40A2-9687-E0C4F00F020F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply." }, { "lang": "es", "value": "La configuraci\u00f3n por defecto de system.conf en \r\nD-Bus (alias DBus) y versiones anteriores a 1.2.6 omite el atributo send_type en ciertas reglas, el cual permite a los usuarios locales evitar las restricciones de acceso (1) enviando mensajes, en relaci\u00f3n a send_requested_reply; y posiblemente (2) recibiendo mensajes, relativos a receive_requested_reply." 
} ], "id": "CVE-2008-4311", "lastModified": "2024-11-21T00:51:21.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-10T00:30:00.220", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532" }, { "source": "secalert@redhat.com", "url": "http://forums.fedoraforum.org/showthread.php?t=206797" }, { "source": "secalert@redhat.com", "url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33047" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33055" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34360" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34642" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/32674" }, { "source": 
"secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/3355" }, { "source": "secalert@redhat.com", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.fedoraforum.org/showthread.php?t=206797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32674" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-10 00:15
Modified
2024-11-21 07:24
Severity ?
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | * | |
freedesktop | dbus | * | |
freedesktop | dbus | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB582A56-F9D7-45F9-880E-93245BE7A0FA", "versionEndExcluding": "1.12.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEA5B808-AAC0-4017-B952-B831E97D8F2F", "versionEndExcluding": "1.14.4", "versionStartIncluding": "1.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFB722CF-A75A-437E-B752-3E486464F03C", "versionEndExcluding": "1.15.2", "versionStartIncluding": "1.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format." }, { "lang": "es", "value": "Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. 
Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean bloqueados al enviar un mensaje con descriptores de archivo adjuntos en un formato no esperado" } ], "id": "CVE-2022-42012", "lastModified": "2024-11-21T07:24:15.933", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-10T00:15:09.627", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://gitlab.freedesktop.org/dbus/dbus/-/issues/417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
d-bus_project | d-bus | * | |
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.4 | |
freedesktop | dbus | 1.6.6 | |
freedesktop | dbus | 1.6.8 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.12 | |
freedesktop | dbus | 1.6.14 | |
freedesktop | dbus | 1.6.16 | |
freedesktop | dbus | 1.6.18 | |
freedesktop | dbus | 1.6.20 | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
freedesktop | dbus | 1.8.6 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441", "versionEndIncluding": "1.6.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls." }, { "lang": "es", "value": "La funci\u00f3n bus_connections_check_reply en config-parser.c en D-Bus anterior a 1.6.24 y 1.8.x anterior a 1.8.8 permite a usuarios locales causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un n\u00famero grande de llamadas de m\u00e9todos." 
} ], "id": "CVE-2014-3638", "lastModified": "2024-11-21T02:08:33.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-22T15:55:08.077", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61378" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61431" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-08 03:15
Modified
2024-11-21 08:07
Severity ?
Summary
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | * | |
freedesktop | dbus | * | |
freedesktop | dbus | * | |
fedoraproject | fedora | 38 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0C27DA9-8223-4925-B3B8-4F36EB1FDD1F", "versionEndExcluding": "1.12.28", "versionStartIncluding": "1.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "B50ED37A-5986-4AB3-8D32-108D0BA2B9B8", "versionEndExcluding": "1.14.8", "versionStartIncluding": "1.14.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF88A5BF-3A26-4E9F-B19B-DB32F3185527", "versionEndExcluding": "1.15.6", "versionStartIncluding": "1.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6." }, { "lang": "es", "value": "D-Bus en versiones anteriores a v1.15.6 a veces permite a usuarios sin privilegios bloquear el \"dbus-daemon\". 
Si un usuario privilegiado con control sobre \"dbus-daemon\" est\u00e1 usando la interfaz \"org.freedesktop.DBus.Monitoring\" para monitorizar el tr\u00e1fico del bus de mensajes, entonces un usuario sin privilegios con la capacidad de conectarse al mismo \"dbus-daemon\" puede causar un fallo del \"dbus-daemon\" bajo algunas circunstancias a trav\u00e9s de un mensaje sin respuesta. Cuando se hace en el bus del sistema conocido, se trata de una vulnerabilidad de denegaci\u00f3n de servicio. Las versiones que corrigen esta vulnerabilidad son v1.12.28, v1.14.8 y v1.15.6. " } ], "id": "CVE-2023-34969", "lastModified": "2024-11-21T08:07:44.607", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-08T03:15:08.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Mitigation", "Patch", "Vendor Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20231208-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Mitigation", "Patch", "Vendor Advisory" ], 
"url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20231208-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
d-bus_project | d-bus | * | |
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.4 | |
freedesktop | dbus | 1.6.6 | |
freedesktop | dbus | 1.6.8 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.12 | |
freedesktop | dbus | 1.6.14 | |
freedesktop | dbus | 1.6.16 | |
freedesktop | dbus | 1.6.18 | |
freedesktop | dbus | 1.6.20 | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
freedesktop | dbus | 1.8.6 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441", "versionEndIncluding": "1.6.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure." }, { "lang": "es", "value": "Error por un paso en D-Bus 1.3.0 hasta la versi\u00f3n 1.6.x en versiones anteriores a 1.6.24 y 1.8.x en versiones anteriores a 1.8.8, cuando se ejecuta en sistemas de 64 bits y el l\u00edmite max_message_unix_fds est\u00e1 establecido en un n\u00famero impar, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda de dbus-daemon) o posiblemente ejecutar c\u00f3digo arbitrario enviando un descriptor de archivo m\u00e1s de los que permite el l\u00edmite, lo que desencadena un desbordamiento de buffer basado en memoria din\u00e1mica o un fallo de aserci\u00f3n." 
} ], "id": "CVE-2014-3635", "lastModified": "2024-11-21T02:08:33.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-22T15:55:07.983", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61378" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-07 21:01
Modified
2024-11-21 00:50
Severity ?
Summary
The dbus_signature_validate function in the D-Bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers an assertion failure.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "F812F6E2-0AFD-43E7-B41B-E42A40F7B9B1", "versionEndIncluding": "1.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A2945FB-BDB8-49B7-BA9A-2BB390345FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FE08E05-948A-4A9C-BA91-B2935355D3CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB0A3D5A-8823-4365-83B9-1E370C131F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6262F9B-30B5-4A7E-AC49-B9221B06CA4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C2F4A579-8F26-47CF-9AE0-41334A9751AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E12E1141-5FE4-43BF-B3A0-DC45C593F880", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B04817C0-14A2-4B75-8747-691D48E70BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "09C8C79E-AE58-48AE-89DB-E84637543783", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "ED4ECF06-79CC-4142-BE6A-AF4E1E981543", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A87CC329-AF59-4882-82E1-851C4E0BB0B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA4ACC-9166-491C-A8D4-A5418F3B0965", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "084A8212-B0FC-41BA-9532-080E8F92B949", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0EB88CDF-0C71-4FE7-9210-C43EBE806416", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*", "matchCriteriaId": "0D84E94E-18EB-4276-AF55-2FB9850B08CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "0C6D0AAC-7F4B-48FF-9ACB-8C8844BDD722", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "5FD40B16-FF56-4C23-B8A9-D79433713F35", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*", "matchCriteriaId": "C5A81FE8-37A0-46CE-AAA4-F00CF4122C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8815B87-7910-4E41-AB28-AEAD9F53475A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "DCEF7E9B-3F19-48CF-862B-B5935824A4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB32F7B-8616-40F5-8D94-4FC97F6AD958", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "4EC42FAD-C541-4D91-BDF6-62AA1C894B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*", "matchCriteriaId": "FAECF21B-68AF-47D8-9540-BB0001087881", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*", "matchCriteriaId": "30D0DE09-5F83-423B-AD86-033005D35994", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D6618ACC-B506-4A92-BE4F-346FAC29D24F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*", "matchCriteriaId": "BB406736-7185-4E0A-ACC6-4F79AB312FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "18867CA7-E4AE-4312-A6E8-0CC514FCF063", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C443F3D-5BD0-4E89-99F1-1BC0798666F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*", "matchCriteriaId": "2DA75AB4-4ADF-4E42-8840-B044DC4D9FFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "D809A431-7BA6-4C9F-8644-33A14389B289", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "732CD552-3E19-4389-B426-77D5B473866F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*", "matchCriteriaId": "1702AE33-38F4-40C5-B448-C863A7E95553", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*", "matchCriteriaId": "2392266A-BE81-4494-81C3-942ED56B0558", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*", "matchCriteriaId": "BCCA6868-E09D-4616-A9A8-EF63F20C981D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "60B6DA02-F08B-4ACE-8F93-F869467BC628", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "3B4E7E9B-722E-4EE1-A435-906DE07BEB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "BEF4902A-5598-42B7-8BB0-E9F8AB645D59", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8671706-FC4E-4485-945C-C397C80D859E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA34903A-9D38-46FF-B702-D6BEECA96031", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "39753912-8A2D-49B0-B90B-43DAF723B34A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus1.0:rc1:*:*:*:*:*:*:*", "matchCriteriaId": 
"FD645A12-104C-492E-88DF-564F5243908C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus1.0:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "C8155853-ABF6-44D0-AC28-F57A3F31674A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus1.0:rc3:*:*:*:*:*:*:*", "matchCriteriaId": "6C7B4067-5BE5-49AE-8118-9E5D0A09BBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus1.1.0:*:*:*:*:*:*:*:*", "matchCriteriaId": "B10EE142-34F2-4BF3-A51A-5A6741F6C2E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error." }, { "lang": "es", "value": "La funci\u00f3n dbus_signature_validat en la librer\u00eda D-bus (libdbus), versiones anteriores a 1.2.4, permite a los atacantes remotos causar una denegaci\u00f3n de servicios (aplicaci\u00f3n suspendida) a trav\u00e9s de un mensaje que contiene una firma mal formada, el cual lanza un error assertion." 
} ], "id": "CVE-2008-3834", "lastModified": "2024-11-21T00:50:13.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-07T21:01:52.150", "references": [ { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32127" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32230" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32281" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32385" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33396" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1658" }, { "source": "secalert@redhat.com", "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html" }, { "source": "secalert@redhat.com", "url": 
"http://www.securityfocus.com/bid/31602" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1021063" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-653-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2762" }, { "source": "secalert@redhat.com", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253" }, { "source": "secalert@redhat.com", "url": "https://www.exploit-db.com/exploits/7822" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2008/dsa-1658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-653-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-01 17:55
Modified
2024-11-21 02:08
Severity ?
Summary
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4 sends an AccessDenied error to the service instead of to the client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4C0086-D6E9-4CD1-9040-EB95758ED486", "vulnerable": true }, { "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2E7F6C16-1844-4F12-A3FC-C2AC10805334", "vulnerable": true }, { "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8AF98155-0783-4EF2-B9BB-618531386506", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "627AC7FF-614F-4143-B068-129D56F47A0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBC10415-F373-4C1B-ACD5-BC1D90D60EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0FCD6303-8FC9-4B1B-9072-769F37624A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "75E0C99C-082B-4D68-97D2-0CC66FDF360E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "7DA563AB-1D70-40E5-A758-232C4C9D5C73", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "84B75034-C869-4202-AEF1-8BA415D0584F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "9E1C08CC-0038-40B0-8D8F-98B64ED6DCCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "DAF59F71-42DA-4E2F-AC3F-C497B74CE485", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "36489DA8-B79B-4073-9737-36A1D1BFD42E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "20190232-8F31-4373-9609-BBF8A2534FC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "AEA457CD-A86F-4609-A41B-EC17C278AD39", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "9645C83A-B9AE-4199-8BF9-F859D06521CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "1700DA29-C87F-4F90-9C8B-62E228C89E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "440816BE-3817-48EC-8099-41DEC47ED8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "1FDAE1F4-584F-4B70-9263-E6153A7F892C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "96B154C1-28B1-4C8F-8D18-9A015CE81C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "357042A5-6CB3-44FD-AFAA-F626BBBA6747", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"6E72AD88-640C-4B27-9A56-570151667FD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "0FB75B1D-CB6D-4152-B4F2-C24A6E6F830B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service." }, { "lang": "es", "value": "El demonio dbus en D-Bus 1.2.x hasta 1.4.x, 1.6.x anterior a 1.6.20, y 1.8.x anterior a 1.8.4, env\u00eda un error AccessDenied al servicio en lugar de al cliente cuando el cliente tiene prohibido el acceso al servicio, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (fallo de inicializaci\u00f3n y salida) o posiblemente realizar un ataque de canal lateral a trav\u00e9s de un mensaje D-Bus a un servicio inactivo." 
} ], "id": "CVE-2014-3477", "lastModified": "2024-11-21T02:08:11.467", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-01T17:55:04.277", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0266.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://seclists.org/oss-sec/2014/q2/509" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59428" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59611" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59798" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/67986" }, { "source": "secalert@redhat.com", "url": 
"https://bugs.freedesktop.org/show_bug.cgi?id=78979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0266.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://seclists.org/oss-sec/2014/q2/509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-02-15 17:15
Modified
2024-11-21 05:27
Severity ?
Summary
A use-after-free flaw was found in the D-Bus development branch <= 1.13.16, the dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free heap memory that is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behavior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | 1.12.20 | |
linux | linux_kernel | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.12.20:*:*:*:*:*:*:*", "matchCriteriaId": "D03731AA-A978-47F1-AE31-4873554468E8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors" }, { "lang": "es", "value": "Se encontr\u00f3 un fallo de uso de la memoria previamente liberada D-Bus rama de desarrollo versiones iguales o anteriores a 1.13.16, dbus-1.12.x rama estable versiones iguales o anteriores a 1.12.18, y dbus-1.10.x y ramas anteriores versiones iguales o anteriores a 1.10.30 cuando un sistema tiene m\u00faltiples nombres de usuario que comparten el mismo UID. 
Cuando un conjunto de reglas de pol\u00edtica hace referencia a estos nombres de usuario, D-Bus puede liberar algo de memoria en la pila, que sigue siendo utilizada por las estructuras de datos necesarias para los otros nombres de usuario que comparten el UID, lo que puede provocar un fallo u otros comportamientos indefinidos" } ], "id": "CVE-2020-35512", "lastModified": "2024-11-21T05:27:28.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-15T17:15:12.993", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.gentoo.org/755392" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101" }, { "source": "secalert@redhat.com", "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128" }, { "source": "secalert@redhat.com", "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.gentoo.org/755392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-03 18:55
Modified
2024-11-21 01:51
Severity ?
Summary
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | 1.4.0 | |
freedesktop | dbus | 1.4.1 | |
freedesktop | dbus | 1.4.4 | |
freedesktop | dbus | 1.4.6 | |
freedesktop | dbus | 1.4.8 | |
freedesktop | dbus | 1.4.10 | |
freedesktop | dbus | 1.4.12 | |
freedesktop | dbus | 1.4.14 | |
freedesktop | dbus | 1.4.16 | |
freedesktop | dbus | 1.4.18 | |
freedesktop | dbus | 1.4.20 | |
freedesktop | dbus | 1.4.24 | |
freedesktop | dbus | 1.7.0 | |
freedesktop | dbus | 1.7.2 | |
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.4 | |
freedesktop | dbus | 1.6.6 | |
freedesktop | dbus | 1.6.8 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.16 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1962D7CC-418B-4D27-A3D1-03D2AC001AC3", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "78F81D07-F1B6-4B99-B80E-BE2D9432F59A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message." 
}, { "lang": "es", "value": "La funci\u00f3n _dbus_printf_string_upper_bound en dbus/dbus-sysdeps-unix.c en D-Bus (aka DBus) 1.4.x anterior a 1.4.26, 1.6.x anterior a 1.6.12, y 1.7.x anterior a 1.7.4, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio) a trav\u00e9s de un mensaje manipulado." } ], "id": "CVE-2013-2168", "lastModified": "2024-11-21T01:51:10.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-07-03T18:55:01.080", "references": [ { "source": "secalert@redhat.com", "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html" }, { "source": "secalert@redhat.com", "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53317" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53832" }, { 
"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2707" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/60546" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1028667" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1874-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2707" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/60546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1028667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1874-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-10 00:15
Modified
2024-11-21 07:24
Severity ?
Summary
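An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. (A "type signature" here is the D-Bus string that describes the types of a message's arguments, not a cryptographic signature; the record below lists CWE-347, which concerns cryptographic signature verification, so treat that weakness mapping with caution when triaging.)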
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | * (before 1.12.24) | |
freedesktop | dbus | * (from 1.13.0, before 1.14.4) | |
freedesktop | dbus | * (from 1.15.0, before 1.15.2) | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB582A56-F9D7-45F9-880E-93245BE7A0FA", "versionEndExcluding": "1.12.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEA5B808-AAC0-4017-B952-B831E97D8F2F", "versionEndExcluding": "1.14.4", "versionStartIncluding": "1.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFB722CF-A75A-437E-B752-3E486464F03C", "versionEndExcluding": "1.15.2", "versionStartIncluding": "1.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures." }, { "lang": "es", "value": "Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. 
Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean bloqueados cuando reciben un mensaje con determinadas firmas de tipo no v\u00e1lido" } ], "id": "CVE-2022-42010", "lastModified": "2024-11-21T07:24:15.583", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-10T00:15:09.510", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://gitlab.freedesktop.org/dbus/dbus/-/issues/418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-13 15:59
Modified
2024-11-21 02:22
Severity ?
Summary
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E5358-8466-4D3A-8AE4-3EE55700140D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B175C3A-44FC-4069-99F4-CFF78DAF6C60", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "36C6830D-92D2-49EC-BD13-BA7EE7720E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "3E33E9B8-4543-46D0-837B-DCCAC25C47E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "831CFD41-47B0-4920-B118-7AD2CAFBFA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "1A1D15D9-89A1-4742-8613-4CFF215525DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "B38D12A6-4ED9-4510-BA44-3CD0B1A2163B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.26:*:*:*:*:*:*:*", "matchCriteriaId": "835DB488-7518-48D8-84C0-9683DB17BFF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.28:*:*:*:*:*:*:*", "matchCriteriaId": "1B63977B-D6F0-4C62-8333-EF7EBE21D030", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "A1664AE8-6009-4CC1-8A4A-C3E55C431018", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"0B45E579-E43F-4725-A5AE-5194B6126ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "59787F9D-0D7E-483F-BFAE-4426523C518A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "760A9BEA-337D-45D7-83B3-5446A0841277", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E6D58E5-A652-4A45-A4A0-53B98FB8B251", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB313FC3-FE3E-43B5-8B3B-146D03EA2BFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "3CE1EB43-CF8C-4E61-A262-CDB0DAE862D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "CCE5143A-1691-4C95-9C39-87C575FDE7EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4037B8B-16F0-490F-AF47-269D990E30F9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds." 
}, { "lang": "es", "value": "D-Bus 1.4.x hasta 1.6.x anterior a 1.6.30, 1.8.x anterior a 1.8.16, y 1.9.x anterior a 1.9.10 no valida la fuente de los se\u00f1ales ActivationFailure, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (retorno del error del fallo de activaci\u00f3n) mediante el aprovechamiento de una condici\u00f3n de carrera que involucra el env\u00edo de un se\u00f1al ActivationFailure antes de que systemd responda." } ], "id": "CVE-2015-0245", "lastModified": "2024-11-21T02:22:38.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-13T15:59:08.337", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2015-0071.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3161" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-18 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1 (that is, issue 1 of CVE-2014-3636; the ".1" suffix is not part of the CVE identifier).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.4 | |
freedesktop | dbus | 1.6.6 | |
freedesktop | dbus | 1.6.8 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.12 | |
freedesktop | dbus | 1.6.14 | |
freedesktop | dbus | 1.6.16 | |
freedesktop | dbus | 1.6.18 | |
freedesktop | dbus | 1.6.20 | |
freedesktop | dbus | 1.6.22 | |
freedesktop | dbus | 1.6.24 | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
freedesktop | dbus | 1.8.6 | |
freedesktop | dbus | 1.8.8 | |
freedesktop | dbus | 1.9.0 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "1A1D15D9-89A1-4742-8613-4CFF215525DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "B38D12A6-4ED9-4510-BA44-3CD0B1A2163B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "A1664AE8-6009-4CC1-8A4A-C3E55C431018", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E6D58E5-A652-4A45-A4A0-53B98FB8B251", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1." }, { "lang": "es", "value": "D-Bus hasta 1.3.0 y 1.6.x antes de 1.6.26, 1.8.x antes de 1.8.10, y 1.9.x antes de 1.9.2 permite a usuarios locales provocar una denegaci\u00f3n de servicio (la prevenci\u00f3n de nuevas conexiones y ca\u00edda de conexi\u00f3n) colocando en cola el n\u00famero m\u00e1ximo de descriptores de archivos. NOTA: esta vulnerabilidad existe debido a que no se completo la soluci\u00f3n para CVE-2014 a 3.636,1." } ], "id": "CVE-2014-7824", "lastModified": "2024-11-21T02:18:05.043", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-18T15:59:04.017", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62603" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3099" }, { "source": "secalert@redhat.com", 
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71012" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | opensuse | 12.3 | |
d-bus_project | d-bus | * (up to and including 1.6.22) | |
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.4 | |
freedesktop | dbus | 1.6.6 | |
freedesktop | dbus | 1.6.8 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.12 | |
freedesktop | dbus | 1.6.14 | |
freedesktop | dbus | 1.6.16 | |
freedesktop | dbus | 1.6.18 | |
freedesktop | dbus | 1.6.20 | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
freedesktop | dbus | 1.8.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441", "versionEndIncluding": "1.6.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": 
"2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections." }, { "lang": "es", "value": "El demonio de dbus en D-Bus anterior a 1.6.24 y 1.8.x anterior a 1.8.8 no cierra debidamente conexiones antiguas, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (conexiones consumo incompleto y prevenci\u00f3n de nuevas conexiones) a trav\u00e9s de un gran n\u00famero de conexiones incompletas." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/774.html\"\u003eCWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling\u003c/a\u003e", "id": "CVE-2014-3639", "lastModified": "2024-11-21T02:08:33.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-22T15:55:08.123", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61378" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61431" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2352-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-10 00:15
Modified
2024-11-21 07:24
Severity ?
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | * | |
freedesktop | dbus | * | |
freedesktop | dbus | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB582A56-F9D7-45F9-880E-93245BE7A0FA", "versionEndExcluding": "1.12.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEA5B808-AAC0-4017-B952-B831E97D8F2F", "versionEndExcluding": "1.14.4", "versionStartIncluding": "1.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFB722CF-A75A-437E-B752-3E486464F03C", "versionEndExcluding": "1.15.2", "versionStartIncluding": "1.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type." }, { "lang": "es", "value": "Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. 
Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean bloqueados cuando reciben un mensaje en el que la longitud de un array es inconsistente con el tama\u00f1o del tipo de elemento" } ], "id": "CVE-2022-42011", "lastModified": "2024-11-21T07:24:15.753", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-10T00:15:09.573", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" 
], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-129" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-11 17:29
Modified
2024-12-06 14:15
Severity ?
Summary
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | * | |
freedesktop | dbus | * | |
freedesktop | dbus | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
canonical | ubuntu_linux | 19.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB8AD8B7-BB21-4B52-8CD8-49DD5C87DBF3", "versionEndExcluding": "1.10.28", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "0571A7C4-39AA-4DA6-B221-94D2DCEAF0F0", "versionEndExcluding": "1.12.16", "versionStartIncluding": "1.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "54E6DF36-CADE-4D21-8106-C13076B54198", "versionEndExcluding": "1.13.12", "versionStartIncluding": "1.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. 
In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass." }, { "lang": "es", "value": "dbus anterior a versi\u00f3n 1.10.28, versi\u00f3n 1.12.x anterior a 1.12.16, y versi\u00f3n 1.13.x anterior a 1.13.12, como es usado en DBusServer en Canonical Upstart en Ubuntu versi\u00f3n 14.04 (y en algunos usos menos comunes de demonio dbus), permite suplantaci\u00f3n de identidad de cookie debido al manejo inapropiado de enlaces simb\u00f3licos (symlink) en la implementaci\u00f3n de referencia de DBUS_COOKIE_SHA1 en la biblioteca libdbus. (Esto solo afecta el mecanismo de autenticaci\u00f3n DBUS_COOKIE_SHA1). Un cliente malicioso con acceso de escritura a su propio directorio de inicio podr\u00eda manipular un enlace simb\u00f3lico ~/.dbus-keyrings para hacer que un DBusServer con un uid diferente lea y escriba en ubicaciones no deseadas. En el peor de los casos, esto podr\u00eda hacer que DBusServer reutilice una cookie que es conocida por el cliente malicioso, y tratar esa cookie como evidencia de que una conexi\u00f3n de cliente subsiguiente provino de un uid elegido por el atacante, lo que permite la omisi\u00f3n de autenticaci\u00f3n." 
} ], "id": "CVE-2019-12749", "lastModified": "2024-12-06T14:15:18.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-11T17:29:00.517", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Mitigation", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/108751" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1726" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2868" }, { "source": "cve@mitre.org", "url": 
"https://access.redhat.com/errata/RHSA-2019:2870" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3707" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/" }, { "source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Jun/16" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-08" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4015-1/" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4015-2/" }, { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2019/dsa-4462" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Mitigation", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://access.redhat.com/errata/RHSA-2019:2870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jun/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20241206-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4015-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4015-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2019/dsa-4462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-27 18:00
Modified
2024-11-21 01:01
Severity ?
Summary
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB9F83F6-FFF0-456A-87D1-A546FAA09F02", "versionEndIncluding": "1.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A2945FB-BDB8-49B7-BA9A-2BB390345FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FE08E05-948A-4A9C-BA91-B2935355D3CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB0A3D5A-8823-4365-83B9-1E370C131F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6262F9B-30B5-4A7E-AC49-B9221B06CA4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C2F4A579-8F26-47CF-9AE0-41334A9751AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E12E1141-5FE4-43BF-B3A0-DC45C593F880", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B04817C0-14A2-4B75-8747-691D48E70BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "09C8C79E-AE58-48AE-89DB-E84637543783", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "ED4ECF06-79CC-4142-BE6A-AF4E1E981543", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A87CC329-AF59-4882-82E1-851C4E0BB0B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA4ACC-9166-491C-A8D4-A5418F3B0965", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "084A8212-B0FC-41BA-9532-080E8F92B949", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0EB88CDF-0C71-4FE7-9210-C43EBE806416", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*", "matchCriteriaId": "0D84E94E-18EB-4276-AF55-2FB9850B08CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "0C6D0AAC-7F4B-48FF-9ACB-8C8844BDD722", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "5FD40B16-FF56-4C23-B8A9-D79433713F35", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*", "matchCriteriaId": "C5A81FE8-37A0-46CE-AAA4-F00CF4122C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8815B87-7910-4E41-AB28-AEAD9F53475A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "DCEF7E9B-3F19-48CF-862B-B5935824A4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB32F7B-8616-40F5-8D94-4FC97F6AD958", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "4EC42FAD-C541-4D91-BDF6-62AA1C894B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*", "matchCriteriaId": "FAECF21B-68AF-47D8-9540-BB0001087881", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*", "matchCriteriaId": "30D0DE09-5F83-423B-AD86-033005D35994", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D6618ACC-B506-4A92-BE4F-346FAC29D24F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*", "matchCriteriaId": "BB406736-7185-4E0A-ACC6-4F79AB312FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "18867CA7-E4AE-4312-A6E8-0CC514FCF063", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C443F3D-5BD0-4E89-99F1-1BC0798666F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*", "matchCriteriaId": "2DA75AB4-4ADF-4E42-8840-B044DC4D9FFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "D809A431-7BA6-4C9F-8644-33A14389B289", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "732CD552-3E19-4389-B426-77D5B473866F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*", "matchCriteriaId": "1702AE33-38F4-40C5-B448-C863A7E95553", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "3801D383-91A6-4F2F-87D5-32882005BF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*", "matchCriteriaId": "2392266A-BE81-4494-81C3-942ED56B0558", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*", "matchCriteriaId": "BCCA6868-E09D-4616-A9A8-EF63F20C981D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "60B6DA02-F08B-4ACE-8F93-F869467BC628", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "3B4E7E9B-722E-4EE1-A435-906DE07BEB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "BEF4902A-5598-42B7-8BB0-E9F8AB645D59", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DEF0BA7-4EE6-482A-BFE4-A159A7C329AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E93056D8-497A-4C08-B3FA-8372A92A6ACA", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"0380A55A-541E-450B-8092-280BD5DA736D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C55E6EEB-A408-45F5-AF95-37DBDEBA17EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8671706-FC4E-4485-945C-C397C80D859E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C9908FE-6B10-41BF-ADE2-1639CAC1340E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA34903A-9D38-46FF-B702-D6BEECA96031", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "39753912-8A2D-49B0-B90B-43DAF723B34A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "11FF206A-8E96-40A2-9687-E0C4F00F020F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "EA580B9B-F975-4667-9ECC-703E2B16D24C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834." }, { "lang": "es", "value": "La funci\u00f3n _dbus_validate_signature_with_reason (dbus-marshal-validate.c) en D-Bus (tambi\u00e9n conocido como DBus) en versiones anteriores a 1.2.14 utiliza l\u00f3gica incorrecta para validar un tipo b\u00e1sico, lo que permite a atacantes remotos suplantar una firma a trav\u00e9s de una clave manipulada. 
NOTA: esto es debido a una soluci\u00f3n incorrecta para CVE-2008-3834." } ], "id": "CVE-2009-1189", "lastModified": "2024-11-21T01:01:52.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-27T18:00:00.267", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803" }, { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "secalert@redhat.com", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32127" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35810" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38794" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31602" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "source": 
"secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/799-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/799-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-0595)
Published
2008-02-29 19:44
Modified
2024-11-21 00:42
Severity ?
Summary
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 7 | |
mandrakesoft | mandrake_linux | 2007 | |
mandrakesoft | mandrake_linux | 2007.0_x86_64 | |
mandrakesoft | mandrake_linux | 2007.1 | |
mandrakesoft | mandrake_linux | 2007.1 | |
mandrakesoft | mandrake_linux | 2008.0 | |
mandrakesoft | mandrake_linux | 2008.0 | |
redhat | enterprise_linux | 5 | |
redhat | enterprise_linux | 5.0 | |
freedesktop | dbus | * | |
freedesktop | dbus | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.0_x86_64:*:*:*:*:*:*:*", "matchCriteriaId": "DC4784E4-24D1-4E22-B880-846F21F52F73", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", "matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB7AD2F3-451D-4F37-A6F3-DE676804BBA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*", "matchCriteriaId": "5454336D-724E-4027-A642-1EFCB79C1ADC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "53965B9B-5A2C-4899-9DDD-8995BFED40BA", "versionEndExcluding": "1.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1C1F814-9430-464F-9376-B23363473BF9", "versionEndExcluding": "1.1.20", "versionStartIncluding": "1.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ 
{ "lang": "en", "value": "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface." }, { "lang": "es", "value": "dbus-daemon en D-Bus anterior a 1.0.3 y 1.1.x anterior a 1.1.20, reconoce atributos de send_interface en directivas de permiso en la pol\u00edtica de seguridad s\u00f3lo para llamadas a m\u00e9todos completamente cualificados, esto permite a usuarios locales evitar las restricciones de acceso pretendidas mediante llamadas a m\u00e9todos con una interfaz NULL." } ], "id": "CVE-2008-0595", "lastModified": "2024-11-21T00:42:28.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-29T19:44:00.000", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29148" }, { "source": 
"secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29160" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29171" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29173" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29281" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29323" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/30869" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/32281" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1019512" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1599" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/bid/28023" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-653-1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2008/0694" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://issues.rpath.com/browse/RPL-2282" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Broken Link" ], "url": "http://secunia.com/advisories/29281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/29323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/30869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/32281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1019512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/28023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.ubuntu.com/usn/usn-653-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2008/0694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://issues.rpath.com/browse/RPL-2282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-2200)
Published
2011-06-22 22:55
Modified
2024-11-21 01:27
Severity ?
Summary
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | 1.5.0 | |
freedesktop | dbus | 1.5.2 | |
freedesktop | dbus | 1.4.0 | |
freedesktop | dbus | 1.4.1 | |
freedesktop | dbus | 1.4.4 | |
freedesktop | dbus | 1.4.6 | |
freedesktop | dbus | 1.4.8 | |
freedesktop | dbus | 1.4.10 | |
d-bus_project | d-bus | 1.2.4.2 | |
d-bus_project | d-bus | 1.2.4.4 | |
d-bus_project | d-bus | 1.2.4.6 | |
freedesktop | dbus | 1.2.1 | |
freedesktop | dbus | 1.2.2 | |
freedesktop | dbus | 1.2.3 | |
freedesktop | dbus | 1.2.4 | |
freedesktop | dbus | 1.2.6 | |
freedesktop | dbus | 1.2.8 | |
freedesktop | dbus | 1.2.10 | |
freedesktop | dbus | 1.2.12 | |
freedesktop | dbus | 1.2.14 | |
freedesktop | dbus | 1.2.16 | |
freedesktop | dbus | 1.2.18 | |
freedesktop | dbus | 1.2.20 | |
freedesktop | dbus | 1.2.22 | |
freedesktop | dbus | 1.2.24 | |
freedesktop | dbus | 1.2.26 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:permissive", "matchCriteriaId": "7EC60852-AB03-4B8D-B5A0-1114863787D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:permissive", "matchCriteriaId": "3B95EA9A-9636-4201-953C-585109E029A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:permissive", "matchCriteriaId": "3715D2CE-2CB4-4097-8515-C8F964DB7461", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D763F9DE-EC14-4B65-89D4-6F8FDEE90047", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "627AC7FF-614F-4143-B068-129D56F47A0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBC10415-F373-4C1B-ACD5-BC1D90D60EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0FCD6303-8FC9-4B1B-9072-769F37624A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "75E0C99C-082B-4D68-97D2-0CC66FDF360E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "7DA563AB-1D70-40E5-A758-232C4C9D5C73", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "84B75034-C869-4202-AEF1-8BA415D0584F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "9E1C08CC-0038-40B0-8D8F-98B64ED6DCCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "DAF59F71-42DA-4E2F-AC3F-C497B74CE485", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "36489DA8-B79B-4073-9737-36A1D1BFD42E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "20190232-8F31-4373-9609-BBF8A2534FC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "AEA457CD-A86F-4609-A41B-EC17C278AD39", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "9645C83A-B9AE-4199-8BF9-F859D06521CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": 
"1700DA29-C87F-4F90-9C8B-62E228C89E22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages." }, { "lang": "es", "value": "La funci\u00f3n _dbus_header_byteswap en dbus-marshal-header.c en D-Bus (tambi\u00e9n conocido como Dbus) v1.2.x antes de v1.2.28, v1.4.x antes de v1.4.12, y v1.5 antes de v1.5.4 no controla correctamente un orden de bytes no-nativos, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (p\u00e9rdida de la conexi\u00f3n), obtener informaci\u00f3n potencialmente sensible, o llevar a cabo ataques de modificacion de estado no especificados a trav\u00e9s de mensajes manipulados." 
} ], "id": "CVE-2011-2200", "lastModified": "2024-11-21T01:27:48.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-22T22:55:04.107", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "source": "secalert@redhat.com", "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4" }, { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "secalert@redhat.com", "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html" }, { "source": "secalert@redhat.com", "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/06/12/1" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/06/12/2" }, { "source": "secalert@redhat.com", "tags": [ 
"Patch" ], "url": "http://openwall.com/lists/oss-security/2011/06/13/12" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44896" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html" }, { "source": "secalert@redhat.com", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/06/12/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://openwall.com/lists/oss-security/2011/06/12/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/06/13/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-3532)
Published
2014-07-19 19:55
Modified
2024-11-21 02:08
Severity ?
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | * | |
freedesktop | dbus | * | |
linux | linux_kernel | * | |
linux | linux_kernel | 2.6.37 | |
linux | linux_kernel | 2.6.37 | |
linux | linux_kernel | 2.6.37 | |
linux | linux_kernel | 2.6.37 | |
linux | linux_kernel | 2.6.37 | |
linux | linux_kernel | 2.6.37 | |
opensuse | opensuse | 12.3 | |
debian | debian_linux | 7.0 | |
mageia | mageia | 3.0 | |
mageia | mageia | 4.0 | |
oracle | solaris | 11.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "014545A6-0813-49A4-B85B-1A17B9375102", "versionEndExcluding": "1.6.22", "versionStartIncluding": "1.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "43371D3E-BE49-4449-B10A-C9AEE9007B8A", "versionEndExcluding": "1.8.6", "versionStartIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "104AEA5F-7AE2-41AA-BEF1-F71BB6D45788", "versionStartIncluding": "2.6.38", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:-:*:*:*:*:*:*", "matchCriteriaId": "79F8D440-02E8-4BF7-8F56-31E4F349166B", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc4:*:*:*:*:*:*", "matchCriteriaId": "F157225D-C62C-465D-A758-DE6A6C48C397", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc5:*:*:*:*:*:*", "matchCriteriaId": "77BB49A9-39D0-49C4-A241-D1537590F508", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc6:*:*:*:*:*:*", "matchCriteriaId": "1BE3273F-0DB1-4607-B92B-C0A7BC099C91", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc7:*:*:*:*:*:*", "matchCriteriaId": "9BAF52C2-38F2-45C0-B6E7-7096B8A4FEEC", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc8:*:*:*:*:*:*", "matchCriteriaId": "13205DB7-6988-4D68-A944-B1EA3C145B9E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "76F1E356-E019-47E8-AA5F-702DA93CF74E", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded." }, { "lang": "es", "value": "dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6, cuando funciona en Linux 2.6.37-rc4 o posteriores, permite a usuarios locales causar una denegaci\u00f3n de servicio (desconexi\u00f3n del bus del sistema de otros servicios o aplicaciones) mediante el env\u00edo de un mensaje que contiene un descriptor de ficheros, y posteriormente el exceso en la profundidad m\u00e1xima de recursi\u00f3n antes de enviar el mensaje inicial." 
} ], "id": "CVE-2014-3532", "lastModified": "2024-11-21T02:08:18.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-19T19:55:07.950", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59611" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59798" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60236" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue 
Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-2533)
Published
2011-06-22 23:55
Modified
2024-11-21 01:28
Severity: LOW (CVSS v2 base score 3.3, vector AV:L/AC:M/Au:N/C:N/I:P/A:P, as given in the NVD record below)
Summary
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | 1.2.1 | |
freedesktop | dbus | 1.2.3 | |
freedesktop | dbus | 1.2.4 | |
freedesktop | dbus | 1.2.6 | |
freedesktop | dbus | 1.2.8 | |
freedesktop | dbus | 1.2.10 | |
freedesktop | dbus | 1.2.12 | |
freedesktop | dbus | 1.2.14 | |
freedesktop | dbus | 1.2.16 | |
freedesktop | dbus | 1.2.18 | |
freedesktop | dbus | 1.2.20 | |
freedesktop | dbus | 1.2.22 | |
freedesktop | dbus | 1.2.24 | |
freedesktop | dbus | 1.2.26 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "627AC7FF-614F-4143-B068-129D56F47A0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBC10415-F373-4C1B-ACD5-BC1D90D60EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0FCD6303-8FC9-4B1B-9072-769F37624A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "75E0C99C-082B-4D68-97D2-0CC66FDF360E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "7DA563AB-1D70-40E5-A758-232C4C9D5C73", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "84B75034-C869-4202-AEF1-8BA415D0584F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "9E1C08CC-0038-40B0-8D8F-98B64ED6DCCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "DAF59F71-42DA-4E2F-AC3F-C497B74CE485", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "36489DA8-B79B-4073-9737-36A1D1BFD42E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "20190232-8F31-4373-9609-BBF8A2534FC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "AEA457CD-A86F-4609-A41B-EC17C278AD39", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "9645C83A-B9AE-4199-8BF9-F859D06521CE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "1700DA29-C87F-4F90-9C8B-62E228C89E22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/." }, { "lang": "es", "value": "La secuencia de comandos de configuraci\u00f3n de D-Bus (tambi\u00e9n conocido como DBus) v1.2.x antes de v1.2.28 permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en un archivo especificado en /tmp/." } ], "id": "CVE-2011-2533", "lastModified": "2024-11-21T01:28:29.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-22T23:55:00.683", "references": [ { "source": "cve@mitre.org", "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1025720" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/68173" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2020-12049)
Published
2020-06-08 17:15
Modified
2024-11-21 04:59
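Severity: MEDIUM (CVSS v3.1 base score 5.5, vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H; CVSS v2 base score 4.9, vector AV:L/AC:L/Au:N/C:N/I:N/A:C, as given in the NVD record below)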
Summary
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DAA98B8-A6E1-4233-9A80-7963ED2FBC01", "versionEndExcluding": "1.12.18", "versionStartIncluding": "1.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*", "matchCriteriaId": "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in dbus \u003e= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service\u0027s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients." }, { "lang": "es", "value": "Se detect\u00f3 un problema en dbus versiones posteriores a 1.3.0 e incluy\u00e9ndola y anteriores a 1.12.18. 
El DBusServer en libdbus, como es usado en dbus-daemon, filtra los descriptores de archivo cuando un mensaje excede el l\u00edmite del descriptor de archivo por mensaje. Un atacante local con acceso al bus del sistema D-Bus o al socket AF_UNIX privado de otro servicio del sistema podr\u00eda utilizar esto para hacer que el servicio del sistema alcance su l\u00edmite del descriptor de archivos, negando el servicio a los clientes posteriores de D-Bus" } ], "id": "CVE-2020-12049", "lastModified": "2024-11-21T04:59:10.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-08T17:15:09.910", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party 
Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-46" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4398-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4398-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4398-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4398-2/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }