All the vulnerabilites related to freedesktop - dbus
cve-2008-3834
Vulnerability from cvelistv5
Published
2008-10-07 19:00
Modified
2024-08-07 09:53
Severity ?
Summary
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2008:213vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2008/dsa-1658vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/31602vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlvendor-advisory, x_refsource_SUSE
https://bugs.freedesktop.org/show_bug.cgi?id=17803x_refsource_CONFIRM
http://www.securitytracker.com/id?1021063vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/45701vdb-entry, x_refsource_XF
https://www.exploit-db.com/exploits/7822exploit, x_refsource_EXPLOIT-DB
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834x_refsource_CONFIRM
http://secunia.com/advisories/32385third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/32281third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.htmlvendor-advisory, x_refsource_FEDORA
http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88ax_refsource_CONFIRM
http://secunia.com/advisories/32230third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253vdb-entry, signature, x_refsource_OVAL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2762vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/33396third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/32127third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-0008.htmlvendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/usn-653-1vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:53:00.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2008:213",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213"
          },
          {
            "name": "DSA-1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1658"
          },
          {
            "name": "31602",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31602"
          },
          {
            "name": "openSUSE-SU-2012:1418",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803"
          },
          {
            "name": "1021063",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021063"
          },
          {
            "name": "dbus-dbusvalidatesignaturewithreason-dos(45701)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701"
          },
          {
            "name": "7822",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7822"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834"
          },
          {
            "name": "32385",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32385"
          },
          {
            "name": "SUSE-SR:2008:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
          },
          {
            "name": "32281",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32281"
          },
          {
            "name": "FEDORA-2008-8764",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
          },
          {
            "name": "32230",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32230"
          },
          {
            "name": "oval:org.mitre.oval:def:10253",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "ADV-2008-2762",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2762"
          },
          {
            "name": "33396",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33396"
          },
          {
            "name": "32127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32127"
          },
          {
            "name": "RHSA-2009:0008",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html"
          },
          {
            "name": "USN-653-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-653-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2008:213",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213"
        },
        {
          "name": "DSA-1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1658"
        },
        {
          "name": "31602",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31602"
        },
        {
          "name": "openSUSE-SU-2012:1418",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803"
        },
        {
          "name": "1021063",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021063"
        },
        {
          "name": "dbus-dbusvalidatesignaturewithreason-dos(45701)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701"
        },
        {
          "name": "7822",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7822"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834"
        },
        {
          "name": "32385",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32385"
        },
        {
          "name": "SUSE-SR:2008:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
        },
        {
          "name": "32281",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32281"
        },
        {
          "name": "FEDORA-2008-8764",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
        },
        {
          "name": "32230",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32230"
        },
        {
          "name": "oval:org.mitre.oval:def:10253",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "ADV-2008-2762",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2762"
        },
        {
          "name": "33396",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33396"
        },
        {
          "name": "32127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32127"
        },
        {
          "name": "RHSA-2009:0008",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html"
        },
        {
          "name": "USN-653-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-653-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3834",
    "datePublished": "2008-10-07T19:00:00",
    "dateReserved": "2008-08-27T00:00:00",
    "dateUpdated": "2024-08-07T09:53:00.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0595
Vulnerability from cvelistv5
Published
2008-02-29 19:00
Modified
2024-08-07 07:54
Severity ?
Summary
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
References
http://secunia.com/advisories/29281third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0694vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-0159.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlvendor-advisory, x_refsource_SUSE
http://lists.freedesktop.org/archives/dbus/2008-February/009401.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/29160third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/29148third-party-advisory, x_refsource_SECUNIA
http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/29173third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:054vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/29171third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/489280/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353vdb-entry, signature, x_refsource_OVAL
http://securitytracker.com/id?1019512vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/32281third-party-advisory, x_refsource_SECUNIA
http://wiki.rpath.com/Advisories:rPSA-2008-0099x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.htmlvendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2008/dsa-1599vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/29323third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-2282x_refsource_CONFIRM
http://secunia.com/advisories/30869third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/28023vdb-entry, x_refsource_BID
http://www.ubuntu.com/usn/usn-653-1vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:54:22.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29281",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29281"
          },
          {
            "name": "ADV-2008-0694",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0694"
          },
          {
            "name": "RHSA-2008:0159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html"
          },
          {
            "name": "openSUSE-SU-2012:1418",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
          },
          {
            "name": "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html"
          },
          {
            "name": "29160",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29160"
          },
          {
            "name": "29148",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29148"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/"
          },
          {
            "name": "FEDORA-2008-2043",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html"
          },
          {
            "name": "29173",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29173"
          },
          {
            "name": "MDVSA-2008:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054"
          },
          {
            "name": "29171",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29171"
          },
          {
            "name": "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099"
          },
          {
            "name": "oval:org.mitre.oval:def:9353",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353"
          },
          {
            "name": "1019512",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019512"
          },
          {
            "name": "SUSE-SR:2008:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
          },
          {
            "name": "32281",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32281"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099"
          },
          {
            "name": "FEDORA-2008-2070",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html"
          },
          {
            "name": "DSA-1599",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1599"
          },
          {
            "name": "29323",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29323"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2282"
          },
          {
            "name": "30869",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30869"
          },
          {
            "name": "28023",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28023"
          },
          {
            "name": "USN-653-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-653-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "29281",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29281"
        },
        {
          "name": "ADV-2008-0694",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0694"
        },
        {
          "name": "RHSA-2008:0159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html"
        },
        {
          "name": "openSUSE-SU-2012:1418",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
        },
        {
          "name": "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html"
        },
        {
          "name": "29160",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29160"
        },
        {
          "name": "29148",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29148"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/"
        },
        {
          "name": "FEDORA-2008-2043",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html"
        },
        {
          "name": "29173",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29173"
        },
        {
          "name": "MDVSA-2008:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054"
        },
        {
          "name": "29171",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29171"
        },
        {
          "name": "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099"
        },
        {
          "name": "oval:org.mitre.oval:def:9353",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353"
        },
        {
          "name": "1019512",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019512"
        },
        {
          "name": "SUSE-SR:2008:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
        },
        {
          "name": "32281",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32281"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099"
        },
        {
          "name": "FEDORA-2008-2070",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html"
        },
        {
          "name": "DSA-1599",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1599"
        },
        {
          "name": "29323",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29323"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2282"
        },
        {
          "name": "30869",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30869"
        },
        {
          "name": "28023",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28023"
        },
        {
          "name": "USN-653-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-653-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-0595",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29281",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29281"
            },
            {
              "name": "ADV-2008-0694",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0694"
            },
            {
              "name": "RHSA-2008:0159",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html"
            },
            {
              "name": "openSUSE-SU-2012:1418",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
            },
            {
              "name": "[dbus] 20080227 [ANNOUNCE] CVE-2008-0595 D-Bus Security Releases - D-Bus 1.0.3 and D-Bus 1.1.20",
              "refsource": "MLIST",
              "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html"
            },
            {
              "name": "29160",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29160"
            },
            {
              "name": "29148",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29148"
            },
            {
              "name": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/",
              "refsource": "CONFIRM",
              "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/"
            },
            {
              "name": "FEDORA-2008-2043",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html"
            },
            {
              "name": "29173",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29173"
            },
            {
              "name": "MDVSA-2008:054",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054"
            },
            {
              "name": "29171",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29171"
            },
            {
              "name": "20080307 rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099"
            },
            {
              "name": "oval:org.mitre.oval:def:9353",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353"
            },
            {
              "name": "1019512",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019512"
            },
            {
              "name": "SUSE-SR:2008:006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
            },
            {
              "name": "32281",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32281"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0099",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099"
            },
            {
              "name": "FEDORA-2008-2070",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html"
            },
            {
              "name": "DSA-1599",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1599"
            },
            {
              "name": "29323",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29323"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2282",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2282"
            },
            {
              "name": "30869",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30869"
            },
            {
              "name": "28023",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28023"
            },
            {
              "name": "USN-653-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-653-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-0595",
    "datePublished": "2008-02-29T19:00:00",
    "dateReserved": "2008-02-05T00:00:00",
    "dateUpdated": "2024-08-07T07:54:22.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0245
Vulnerability from cvelistv5
Published
2015-02-13 15:00
Modified
2024-08-06 04:03
Severity ?
Summary
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "openSUSE-SU-2015:0300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
          },
          {
            "name": "DSA-3161",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3161"
          },
          {
            "name": "[oss-security] 20150209 CVE-2015-0245: denial of service in dbus \u003e= 1.4 systemd activation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0071.html"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-16T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "openSUSE-SU-2015:0300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
        },
        {
          "name": "DSA-3161",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3161"
        },
        {
          "name": "[oss-security] 20150209 CVE-2015-0245: denial of service in dbus \u003e= 1.4 systemd activation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0071.html"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0245",
    "datePublished": "2015-02-13T15:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-7824
Vulnerability from cvelistv5
Published
2014-11-18 15:00
Modified
2024-08-06 13:03
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
References
http://www.openwall.com/lists/oss-security/2014/11/10/2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/62603third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0457.htmlx_refsource_CONFIRM
https://bugs.freedesktop.org/show_bug.cgi?id=85105x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/98576vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/71012vdb-entry, x_refsource_BID
http://www.ubuntu.com/usn/USN-2425-1vendor-advisory, x_refsource_UBUNTU
http://www.debian.org/security/2014/dsa-3099vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.015Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
          },
          {
            "name": "62603",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62603"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
          },
          {
            "name": "dbus-cve20147824-dos(98576)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
          },
          {
            "name": "71012",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71012"
          },
          {
            "name": "USN-2425-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2425-1"
          },
          {
            "name": "DSA-3099",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3099"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
        },
        {
          "name": "62603",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62603"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
        },
        {
          "name": "dbus-cve20147824-dos(98576)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
        },
        {
          "name": "71012",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71012"
        },
        {
          "name": "USN-2425-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2425-1"
        },
        {
          "name": "DSA-3099",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3099"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-7824",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
            },
            {
              "name": "62603",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62603"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0457.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
            },
            {
              "name": "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
              "refsource": "CONFIRM",
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
            },
            {
              "name": "dbus-cve20147824-dos(98576)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
            },
            {
              "name": "71012",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71012"
            },
            {
              "name": "USN-2425-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2425-1"
            },
            {
              "name": "DSA-3099",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3099"
            },
            {
              "name": "MDVSA-2015:176",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-7824",
    "datePublished": "2014-11-18T15:00:00",
    "dateReserved": "2014-10-03T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42012
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Severity ?
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:39.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
          },
          {
            "name": "FEDORA-2022-076544c8aa",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
          },
          {
            "name": "FEDORA-2022-7a963a79d1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
          },
          {
            "name": "FEDORA-2022-b0c2f2ab74",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
          },
          {
            "name": "GLSA-202305-08",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
        },
        {
          "name": "FEDORA-2022-076544c8aa",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
        },
        {
          "name": "FEDORA-2022-7a963a79d1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
        },
        {
          "name": "FEDORA-2022-b0c2f2ab74",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
        },
        {
          "name": "GLSA-202305-08",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-08"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42012",
    "datePublished": "2022-10-09T00:00:00",
    "dateReserved": "2022-10-03T00:00:00",
    "dateUpdated": "2024-08-03T12:56:39.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12049
Vulnerability from cvelistv5
Published
2020-06-08 00:00
Modified
2024-08-04 11:48
Severity ?
Summary
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
          },
          {
            "name": "USN-4398-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4398-1/"
          },
          {
            "name": "USN-4398-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4398-2/"
          },
          {
            "name": "GLSA-202007-46",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in dbus \u003e= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service\u0027s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
        },
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
        },
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
        },
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
        },
        {
          "name": "USN-4398-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4398-1/"
        },
        {
          "name": "USN-4398-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4398-2/"
        },
        {
          "name": "GLSA-202007-46",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202007-46"
        },
        {
          "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
        },
        {
          "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12049",
    "datePublished": "2020-06-08T00:00:00",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35512
Vulnerability from cvelistv5
Published
2021-02-15 16:08
Modified
2024-11-19 15:32
Severity ?
Summary
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
Impacted products
Vendor Product Version
n/a dbus-1.12.x stable branch Version: <= 1.12.18 (Fixed: >= 1.12.20)
n/a dbus-1.10.x and older branches (EOL) Version: <= 1.10.30 (Fixed: 1.10.32)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/755392"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-35512",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:31:25.634957Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T15:32:44.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "D-Bus Development branch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)"
            }
          ]
        },
        {
          "product": "dbus-1.12.x stable branch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)"
            }
          ]
        },
        {
          "product": "dbus-1.10.x and older branches (EOL)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.10.30 (Fixed: 1.10.32)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-After-Free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-08T20:46:11",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/755392"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "D-Bus Development branch",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "dbus-1.12.x stable branch",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "dbus-1.10.x and older branches (EOL)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.10.30 (Fixed: 1.10.32)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-After-Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.gentoo.org/755392",
              "refsource": "MISC",
              "url": "https://bugs.gentoo.org/755392"
            },
            {
              "name": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128",
              "refsource": "MISC",
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2020-35512",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35512",
    "datePublished": "2021-02-15T16:08:39",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-11-19T15:32:44.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3477
Vulnerability from cvelistv5
Published
2014-07-01 17:00
Modified
2024-08-06 10:43
Severity ?
Summary
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59798",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59798"
          },
          {
            "name": "59611",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59611"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "name": "67986",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67986"
          },
          {
            "name": "openSUSE-SU-2014:0874",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html"
          },
          {
            "name": "[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q2/509"
          },
          {
            "name": "openSUSE-SU-2014:0821",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0266.html"
          },
          {
            "name": "59428",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59428"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567"
          },
          {
            "name": "DSA-2971",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2971"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-13T14:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59798",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59798"
        },
        {
          "name": "59611",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59611"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "name": "67986",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67986"
        },
        {
          "name": "openSUSE-SU-2014:0874",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html"
        },
        {
          "name": "[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q2/509"
        },
        {
          "name": "openSUSE-SU-2014:0821",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0266.html"
        },
        {
          "name": "59428",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59428"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567"
        },
        {
          "name": "DSA-2971",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2971"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3477",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59798",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59798"
            },
            {
              "name": "59611",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59611"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "67986",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67986"
            },
            {
              "name": "openSUSE-SU-2014:0874",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html"
            },
            {
              "name": "[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q2/509"
            },
            {
              "name": "openSUSE-SU-2014:0821",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0266.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0266.html"
            },
            {
              "name": "59428",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59428"
            },
            {
              "name": "https://bugs.freedesktop.org/show_bug.cgi?id=78979",
              "refsource": "CONFIRM",
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979"
            },
            {
              "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567",
              "refsource": "CONFIRM",
              "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567"
            },
            {
              "name": "DSA-2971",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2971"
            },
            {
              "name": "MDVSA-2015:176",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3477",
    "datePublished": "2014-07-01T17:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42011
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Severity ?
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:39.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
          },
          {
            "name": "FEDORA-2022-076544c8aa",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
          },
          {
            "name": "FEDORA-2022-7a963a79d1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
          },
          {
            "name": "FEDORA-2022-b0c2f2ab74",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
          },
          {
            "name": "GLSA-202305-08",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
        },
        {
          "name": "FEDORA-2022-076544c8aa",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
        },
        {
          "name": "FEDORA-2022-7a963a79d1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
        },
        {
          "name": "FEDORA-2022-b0c2f2ab74",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
        },
        {
          "name": "GLSA-202305-08",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-08"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42011",
    "datePublished": "2022-10-09T00:00:00",
    "dateReserved": "2022-10-03T00:00:00",
    "dateUpdated": "2024-08-03T12:56:39.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-34969
Vulnerability from cvelistv5
Published
2023-06-08 00:00
Modified
2024-08-02 16:17
Severity ?
Summary
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:17:04.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
          },
          {
            "name": "FEDORA-2023-d22162d9ba",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
          },
          {
            "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-08T19:06:18.886572",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
        },
        {
          "name": "FEDORA-2023-d22162d9ba",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
        },
        {
          "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-34969",
    "datePublished": "2023-06-08T00:00:00",
    "dateReserved": "2023-06-08T00:00:00",
    "dateUpdated": "2024-08-02T16:17:04.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-2168
Vulnerability from cvelistv5
Published
2013-07-03 18:00
Modified
2024-08-06 15:27
Severity ?
Summary
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:41.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2707"
          },
          {
            "name": "FEDORA-2013-11142",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "name": "MDVSA-2013:177",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"
          },
          {
            "name": "openSUSE-SU-2013:1118",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html"
          },
          {
            "name": "53317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53317"
          },
          {
            "name": "FEDORA-2013-11198",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109"
          },
          {
            "name": "oval:org.mitre.oval:def:16881",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881"
          },
          {
            "name": "1028667",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028667"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7"
          },
          {
            "name": "USN-1874-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1874-1"
          },
          {
            "name": "[oss-security] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2"
          },
          {
            "name": "53832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53832"
          },
          {
            "name": "[dbus] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html"
          },
          {
            "name": "60546",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/60546"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-2707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2707"
        },
        {
          "name": "FEDORA-2013-11142",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "name": "MDVSA-2013:177",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"
        },
        {
          "name": "openSUSE-SU-2013:1118",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html"
        },
        {
          "name": "53317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53317"
        },
        {
          "name": "FEDORA-2013-11198",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109"
        },
        {
          "name": "oval:org.mitre.oval:def:16881",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881"
        },
        {
          "name": "1028667",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028667"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7"
        },
        {
          "name": "USN-1874-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1874-1"
        },
        {
          "name": "[oss-security] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2"
        },
        {
          "name": "53832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53832"
        },
        {
          "name": "[dbus] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html"
        },
        {
          "name": "60546",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/60546"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2168",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2707",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2707"
            },
            {
              "name": "FEDORA-2013-11142",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "MDVSA-2013:177",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"
            },
            {
              "name": "openSUSE-SU-2013:1118",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html"
            },
            {
              "name": "53317",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53317"
            },
            {
              "name": "FEDORA-2013-11198",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=974109",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109"
            },
            {
              "name": "oval:org.mitre.oval:def:16881",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881"
            },
            {
              "name": "1028667",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028667"
            },
            {
              "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7",
              "refsource": "CONFIRM",
              "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7"
            },
            {
              "name": "USN-1874-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1874-1"
            },
            {
              "name": "[oss-security] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2"
            },
            {
              "name": "53832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53832"
            },
            {
              "name": "[dbus] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound",
              "refsource": "MLIST",
              "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html"
            },
            {
              "name": "60546",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/60546"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2168",
    "datePublished": "2013-07-03T18:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:27:41.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2200
Vulnerability from cvelistv5
Published
2011-06-22 22:00
Modified
2024-08-06 22:53
Severity ?
Summary
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:53:17.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/06/13/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4"
          },
          {
            "name": "[dbus] 20110530 D-Bus daemon big and little endian issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html"
          },
          {
            "name": "RHSA-2011:1132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html"
          },
          {
            "name": "dbus-nonnative-dos(67974)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
          },
          {
            "name": "44896",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44896"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676"
          },
          {
            "name": "[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/06/12/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7"
          },
          {
            "name": "[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/06/12/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938"
          },
          {
            "name": "[dbus] 20070317 D-Bus daemon endianness issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/06/13/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4"
        },
        {
          "name": "[dbus] 20110530 D-Bus daemon big and little endian issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html"
        },
        {
          "name": "RHSA-2011:1132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html"
        },
        {
          "name": "dbus-nonnative-dos(67974)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
        },
        {
          "name": "44896",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44896"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676"
        },
        {
          "name": "[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/06/12/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7"
        },
        {
          "name": "[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/06/12/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938"
        },
        {
          "name": "[dbus] 20070317 D-Bus daemon endianness issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2200",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/06/13/12"
            },
            {
              "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e",
              "refsource": "CONFIRM",
              "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e"
            },
            {
              "name": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4",
              "refsource": "CONFIRM",
              "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4"
            },
            {
              "name": "[dbus] 20110530 D-Bus daemon big and little endian issue",
              "refsource": "MLIST",
              "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html"
            },
            {
              "name": "RHSA-2011:1132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html"
            },
            {
              "name": "dbus-nonnative-dos(67974)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974"
            },
            {
              "name": "https://bugs.freedesktop.org/show_bug.cgi?id=38120",
              "refsource": "CONFIRM",
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120"
            },
            {
              "name": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2",
              "refsource": "CONFIRM",
              "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
            },
            {
              "name": "44896",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44896"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=712676",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676"
            },
            {
              "name": "[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/06/12/1"
            },
            {
              "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7",
              "refsource": "CONFIRM",
              "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7"
            },
            {
              "name": "[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/06/12/2"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938"
            },
            {
              "name": "[dbus] 20070317 D-Bus daemon endianness issue",
              "refsource": "MLIST",
              "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2200",
    "datePublished": "2011-06-22T22:00:00",
    "dateReserved": "2011-05-31T00:00:00",
    "dateUpdated": "2024-08-06T22:53:17.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42010
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Severity ?
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:39.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
          },
          {
            "name": "FEDORA-2022-076544c8aa",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
          },
          {
            "name": "FEDORA-2022-7a963a79d1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
          },
          {
            "name": "FEDORA-2022-b0c2f2ab74",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
          },
          {
            "name": "GLSA-202305-08",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
        },
        {
          "name": "FEDORA-2022-076544c8aa",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
        },
        {
          "name": "FEDORA-2022-7a963a79d1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
        },
        {
          "name": "FEDORA-2022-b0c2f2ab74",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
        },
        {
          "name": "GLSA-202305-08",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-08"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42010",
    "datePublished": "2022-10-09T00:00:00",
    "dateReserved": "2022-10-03T00:00:00",
    "dateUpdated": "2024-08-03T12:56:39.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3635
Vulnerability from cvelistv5
Published
2014-09-22 15:00
Modified
2024-08-06 10:50
Severity ?
Summary
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2352-1"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "61378",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61378"
          },
          {
            "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
          },
          {
            "name": "1030864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030864"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
          },
          {
            "name": "DSA-3026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3026"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-16T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2352-1"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "61378",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61378"
        },
        {
          "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
        },
        {
          "name": "1030864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030864"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
        },
        {
          "name": "DSA-3026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3026"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3635",
    "datePublished": "2014-09-22T15:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:18.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-12749
Vulnerability from cvelistv5
Published
2019-06-11 16:11
Modified
2024-12-06 13:09
Severity ?
Summary
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
References
https://www.openwall.com/lists/oss-security/2019/06/11/2x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/06/11/2mailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4015-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4015-2/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2019/dsa-4462vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Jun/16mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/108751vdb-entry, x_refsource_BID
https://lists.debian.org/debian-lts-announce/2019/06/msg00005.htmlmailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.htmlvendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:1726vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201909-08vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2019:2868vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2870vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3707vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-06T13:09:22.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
          },
          {
            "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
          },
          {
            "name": "USN-4015-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4015-1/"
          },
          {
            "name": "USN-4015-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4015-2/"
          },
          {
            "name": "DSA-4462",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4462"
          },
          {
            "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/16"
          },
          {
            "name": "108751",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108751"
          },
          {
            "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
          },
          {
            "name": "FEDORA-2019-d5ded5326b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
          },
          {
            "name": "openSUSE-SU-2019:1604",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
          },
          {
            "name": "openSUSE-SU-2019:1671",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
          },
          {
            "name": "RHSA-2019:1726",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1726"
          },
          {
            "name": "openSUSE-SU-2019:1750",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
          },
          {
            "name": "GLSA-201909-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-08"
          },
          {
            "name": "RHSA-2019:2868",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2868"
          },
          {
            "name": "RHSA-2019:2870",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2870"
          },
          {
            "name": "RHSA-2019:3707",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3707"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241206-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T00:07:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
        },
        {
          "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
        },
        {
          "name": "USN-4015-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4015-1/"
        },
        {
          "name": "USN-4015-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4015-2/"
        },
        {
          "name": "DSA-4462",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4462"
        },
        {
          "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/16"
        },
        {
          "name": "108751",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108751"
        },
        {
          "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
        },
        {
          "name": "FEDORA-2019-d5ded5326b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
        },
        {
          "name": "openSUSE-SU-2019:1604",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
        },
        {
          "name": "openSUSE-SU-2019:1671",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
        },
        {
          "name": "RHSA-2019:1726",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1726"
        },
        {
          "name": "openSUSE-SU-2019:1750",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
        },
        {
          "name": "GLSA-201909-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-08"
        },
        {
          "name": "RHSA-2019:2868",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2868"
        },
        {
          "name": "RHSA-2019:2870",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2870"
        },
        {
          "name": "RHSA-2019:3707",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3707"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2019/06/11/2",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
            },
            {
              "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
            },
            {
              "name": "USN-4015-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4015-1/"
            },
            {
              "name": "USN-4015-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4015-2/"
            },
            {
              "name": "DSA-4462",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4462"
            },
            {
              "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/16"
            },
            {
              "name": "108751",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108751"
            },
            {
              "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
            },
            {
              "name": "FEDORA-2019-d5ded5326b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
            },
            {
              "name": "openSUSE-SU-2019:1604",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1671",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
            },
            {
              "name": "RHSA-2019:1726",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1726"
            },
            {
              "name": "openSUSE-SU-2019:1750",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
            },
            {
              "name": "GLSA-201909-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-08"
            },
            {
              "name": "RHSA-2019:2868",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2868"
            },
            {
              "name": "RHSA-2019:2870",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2870"
            },
            {
              "name": "RHSA-2019:3707",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3707"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12749",
    "datePublished": "2019-06-11T16:11:45",
    "dateReserved": "2019-06-06T00:00:00",
    "dateUpdated": "2024-12-06T13:09:22.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3638
Vulnerability from cvelistv5
Published
2014-09-22 15:00
Modified
2024-08-06 10:50
Severity ?
Summary
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
References
http://www.ubuntu.com/usn/USN-2352-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/61378third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2014/09/16/9mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id/1030864vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/61431third-party-advisory, x_refsource_SECUNIA
https://bugs.freedesktop.org/show_bug.cgi?id=81053x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0395.htmlx_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-3026vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2352-1"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "name": "SUSE-SU-2014:1146",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
          },
          {
            "name": "61378",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61378"
          },
          {
            "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
          },
          {
            "name": "1030864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030864"
          },
          {
            "name": "61431",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61431"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
          },
          {
            "name": "DSA-3026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3026"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T17:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2352-1"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "name": "SUSE-SU-2014:1146",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
        },
        {
          "name": "61378",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61378"
        },
        {
          "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
        },
        {
          "name": "1030864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030864"
        },
        {
          "name": "61431",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61431"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
        },
        {
          "name": "DSA-3026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3026"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3638",
    "datePublished": "2014-09-22T15:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3639
Vulnerability from cvelistv5
Published
2014-09-22 15:00
Modified
2024-08-06 10:50
Severity ?
Summary
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
References
http://www.ubuntu.com/usn/USN-2352-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/61378third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2014/09/16/9mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id/1030864vdb-entry, x_refsource_SECTRACK
https://bugs.freedesktop.org/show_bug.cgi?id=80919x_refsource_CONFIRM
http://secunia.com/advisories/61431third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0395.htmlx_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-3026vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2352-1"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "name": "SUSE-SU-2014:1146",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
          },
          {
            "name": "61378",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61378"
          },
          {
            "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
          },
          {
            "name": "1030864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030864"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919"
          },
          {
            "name": "61431",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61431"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
          },
          {
            "name": "DSA-3026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3026"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T17:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2352-1"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "name": "SUSE-SU-2014:1146",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
        },
        {
          "name": "61378",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61378"
        },
        {
          "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
        },
        {
          "name": "1030864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030864"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919"
        },
        {
          "name": "61431",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61431"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
        },
        {
          "name": "DSA-3026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3026"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3639",
    "datePublished": "2014-09-22T15:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:18.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3532
Vulnerability from cvelistv5
Published
2014-07-19 19:00
Modified
2024-08-06 10:50
Severity ?
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
References
http://secunia.com/advisories/59798third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59611third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/60236third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0294.htmlx_refsource_CONFIRM
https://bugs.freedesktop.org/show_bug.cgi?id=80163x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlx_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-2971vendor-advisory, x_refsource_DEBIAN
http://openwall.com/lists/oss-security/2014/07/02/4mailing-list, x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:16.897Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59798",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59798"
          },
          {
            "name": "59611",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59611"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "name": "60236",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60236"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "DSA-2971",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2971"
          },
          {
            "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-12T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59798",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59798"
        },
        {
          "name": "59611",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59611"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "name": "60236",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60236"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "DSA-2971",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2971"
        },
        {
          "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59798",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59798"
            },
            {
              "name": "59611",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59611"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "60236",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60236"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0294.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
            },
            {
              "name": "https://bugs.freedesktop.org/show_bug.cgi?id=80163",
              "refsource": "CONFIRM",
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "DSA-2971",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2971"
            },
            {
              "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
            },
            {
              "name": "MDVSA-2015:176",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3532",
    "datePublished": "2014-07-19T19:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:16.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2533
Vulnerability from cvelistv5
Published
2011-06-22 23:00
Modified
2024-08-06 23:08
Severity ?
Summary
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:22.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
          },
          {
            "name": "dbus-configure-symlink(68173)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173"
          },
          {
            "name": "1025720",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025720"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
        },
        {
          "name": "dbus-configure-symlink(68173)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173"
        },
        {
          "name": "1025720",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025720"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2",
              "refsource": "CONFIRM",
              "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
            },
            {
              "name": "dbus-configure-symlink(68173)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173"
            },
            {
              "name": "1025720",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025720"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2533",
    "datePublished": "2011-06-22T23:00:00",
    "dateReserved": "2011-06-22T00:00:00",
    "dateUpdated": "2024-08-06T23:08:22.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-4311
Vulnerability from cvelistv5
Published
2008-12-10 00:00
Modified
2024-08-07 10:08
Severity ?
Summary
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:08:35.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229"
          },
          {
            "name": "33047",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33047"
          },
          {
            "name": "openSUSE-SU-2012:1418",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
          },
          {
            "name": "dbus-sendreceive-security-bypass(47138)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138"
          },
          {
            "name": "34642",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34642"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895"
          },
          {
            "name": "ADV-2008-3355",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3355"
          },
          {
            "name": "SUSE-SR:2009:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
          },
          {
            "name": "FEDORA-2008-10907",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html"
          },
          {
            "name": "33055",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33055"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.fedoraforum.org/showthread.php?t=206797"
          },
          {
            "name": "34360",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34360"
          },
          {
            "name": "[dbus] 20081205 [CVE-2008-4311] DBus 1.2.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html"
          },
          {
            "name": "SUSE-SR:2009:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
          },
          {
            "name": "32674",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32674"
          },
          {
            "name": "SUSE-SA:2009:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229"
        },
        {
          "name": "33047",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33047"
        },
        {
          "name": "openSUSE-SU-2012:1418",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
        },
        {
          "name": "dbus-sendreceive-security-bypass(47138)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138"
        },
        {
          "name": "34642",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34642"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895"
        },
        {
          "name": "ADV-2008-3355",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3355"
        },
        {
          "name": "SUSE-SR:2009:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
        },
        {
          "name": "FEDORA-2008-10907",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html"
        },
        {
          "name": "33055",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33055"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.fedoraforum.org/showthread.php?t=206797"
        },
        {
          "name": "34360",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34360"
        },
        {
          "name": "[dbus] 20081205 [CVE-2008-4311] DBus 1.2.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html"
        },
        {
          "name": "SUSE-SR:2009:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
        },
        {
          "name": "32674",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32674"
        },
        {
          "name": "SUSE-SA:2009:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-4311",
    "datePublished": "2008-12-10T00:00:00",
    "dateReserved": "2008-09-29T00:00:00",
    "dateUpdated": "2024-08-07T10:08:35.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1189
Vulnerability from cvelistv5
Published
2009-04-27 17:43
Modified
2024-08-07 05:04
Severity ?
Summary
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13"
          },
          {
            "name": "dbus-dbusmarshalvalidate-spoofing(50385)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803"
          },
          {
            "name": "31602",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31602"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "USN-799-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/799-1/"
          },
          {
            "name": "35810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35810"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
          },
          {
            "name": "oval:org.mitre.oval:def:10308",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "32127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32127"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key.  NOTE: this is due to an incorrect fix for CVE-2008-3834."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13"
        },
        {
          "name": "dbus-dbusmarshalvalidate-spoofing(50385)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803"
        },
        {
          "name": "31602",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31602"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "USN-799-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/799-1/"
        },
        {
          "name": "35810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35810"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
        },
        {
          "name": "oval:org.mitre.oval:def:10308",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "32127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32127"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1189",
    "datePublished": "2009-04-27T17:43:00",
    "dateReserved": "2009-03-31T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3636
Vulnerability from cvelistv5
Published
2014-10-25 20:00
Modified
2024-10-17 18:03
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
References
http://www.ubuntu.com/usn/USN-2352-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/61378third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2014/09/16/9mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id/1030864vdb-entry, x_refsource_SECTRACK
https://bugs.freedesktop.org/show_bug.cgi?id=82820x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0395.htmlx_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-3026vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2352-1"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "name": "61378",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61378"
          },
          {
            "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
          },
          {
            "name": "1030864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030864"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
          },
          {
            "name": "DSA-3026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3026"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2014-3636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-26T17:04:09.265575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T18:03:39.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-14T16:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2352-1"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "name": "61378",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61378"
        },
        {
          "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
        },
        {
          "name": "1030864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030864"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
        },
        {
          "name": "DSA-3026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3026"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3636",
    "datePublished": "2014-10-25T20:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-10-17T18:03:39.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3637
Vulnerability from cvelistv5
Published
2014-09-22 15:00
Modified
2024-08-06 10:50
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
References
http://www.ubuntu.com/usn/USN-2352-1vendor-advisory, x_refsource_UBUNTU
https://bugs.freedesktop.org/show_bug.cgi?id=80559x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/61378third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2014/09/16/9mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id/1030864vdb-entry, x_refsource_SECTRACK
http://advisories.mageia.org/MGASA-2014-0395.htmlx_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-3026vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176vendor-advisory, x_refsource_MANDRIVA
http://www.openwall.com/lists/oss-security/2019/06/24/13mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/06/24/14mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2352-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "name": "61378",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61378"
          },
          {
            "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
          },
          {
            "name": "1030864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030864"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
          },
          {
            "name": "DSA-3026",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3026"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          },
          {
            "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13"
          },
          {
            "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-25T02:06:06",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2352-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "name": "61378",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61378"
        },
        {
          "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
        },
        {
          "name": "1030864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030864"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
        },
        {
          "name": "DSA-3026",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3026"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        },
        {
          "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13"
        },
        {
          "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3637",
    "datePublished": "2014-09-22T15:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:18.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3533
Vulnerability from cvelistv5
Published
2014-07-19 19:00
Modified
2024-08-06 10:50
Severity ?
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:16.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59798",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59798"
          },
          {
            "name": "59611",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59611"
          },
          {
            "name": "openSUSE-SU-2014:1239",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
          },
          {
            "name": "60236",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60236"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "DSA-2971",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2971"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
          },
          {
            "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
          },
          {
            "name": "MDVSA-2015:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-12T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59798",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59798"
        },
        {
          "name": "59611",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59611"
        },
        {
          "name": "openSUSE-SU-2014:1239",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
        },
        {
          "name": "60236",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60236"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "DSA-2971",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2971"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
        },
        {
          "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
        },
        {
          "name": "MDVSA-2015:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59798",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59798"
            },
            {
              "name": "59611",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59611"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "60236",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60236"
            },
            {
              "name": "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
              "refsource": "CONFIRM",
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0294.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "DSA-2971",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2971"
            },
            {
              "name": "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
              "refsource": "CONFIRM",
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
            },
            {
              "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
            },
            {
              "name": "MDVSA-2015:176",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3533",
    "datePublished": "2014-07-19T19:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:16.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2014-07-19 19:55
Modified
2024-11-21 02:08
Severity ?
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0294.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://openwall.com/lists/oss-security/2014/07/02/4
secalert@redhat.comhttp://secunia.com/advisories/59611
secalert@redhat.comhttp://secunia.com/advisories/59798
secalert@redhat.comhttp://secunia.com/advisories/60236
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-2971
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=79694
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=80469Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0294.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/07/02/4
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59611
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59798
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60236
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2971
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=79694
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=80469Vendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B154C1-28B1-4C8F-8D18-9A015CE81C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "357042A5-6CB3-44FD-AFAA-F626BBBA6747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FB75B1D-CB6D-4152-B4F2-C24A6E6F830B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8E5358-8466-4D3A-8AE4-3EE55700140D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B175C3A-44FC-4069-99F4-CFF78DAF6C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36C6830D-92D2-49EC-BD13-BA7EE7720E61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E33E9B8-4543-46D0-837B-DCCAC25C47E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "831CFD41-47B0-4920-B118-7AD2CAFBFA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor."
    },
    {
      "lang": "es",
      "value": "dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6 permite a usuarios locales causar una denegaci\u00f3n de servicio (desconexi\u00f3n) a trav\u00e9s de cierta secuencias de mensajes manipulados que causan que el demonio de dbus reenv\u00ede un mensaje que contiene un descriptor de ficheros inv\u00e1lido."
    }
  ],
  "id": "CVE-2014-3533",
  "lastModified": "2024-11-21T02:08:19.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-19T19:55:08.013",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59611"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59798"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60236"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2971"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-25 20:55
Modified
2024-11-21 02:08
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
Impacted products
Vendor Product Version
d-bus_project d-bus *
freedesktop dbus 1.8.0
freedesktop dbus 1.8.2
freedesktop dbus 1.8.4
freedesktop dbus 1.8.6
opensuse opensuse 12.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441",
              "versionEndIncluding": "1.6.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call."
    },
    {
      "lang": "es",
      "value": "D-Bus 1.3.0 hasta 1.6.x anterior a 1.6.24 y 1.8.x anterior a 1.8.8 permite a usuarios locales (1) causar una denegaci\u00f3n de servicio (prevenci\u00f3n de conexiones nuevas y ca\u00edda de conexi\u00f3n) mediante la creaci\u00f3n de una cola del m\u00e1ximo n\u00famero de descriptores de ficheros o (2) causar una denegaci\u00f3n de servicio (desconexi\u00f3n) a trav\u00e9s de m\u00faltiples mensajes que combinan para tener m\u00e1s que el n\u00famero permitido de descriptores de ficheros para una llamada \u00fanica a sendmsg."
    }
  ],
  "id": "CVE-2014-3636",
  "lastModified": "2024-11-21T02:08:33.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-25T20:55:07.973",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0395.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://secunia.com/advisories/61378
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3026
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/09/16/9
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2019/06/24/13
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2019/06/24/14
secalert@redhat.comhttp://www.securitytracker.com/id/1030864
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2352-1
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=80559Patch
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0395.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61378
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3026
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/09/16/9
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/06/24/13
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/06/24/14
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030864
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2352-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=80559Patch



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B154C1-28B1-4C8F-8D18-9A015CE81C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "357042A5-6CB3-44FD-AFAA-F626BBBA6747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FB75B1D-CB6D-4152-B4F2-C24A6E6F830B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8E5358-8466-4D3A-8AE4-3EE55700140D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B175C3A-44FC-4069-99F4-CFF78DAF6C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36C6830D-92D2-49EC-BD13-BA7EE7720E61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E33E9B8-4543-46D0-837B-DCCAC25C47E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "831CFD41-47B0-4920-B118-7AD2CAFBFA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1D15D9-89A1-4742-8613-4CFF215525DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor."
    },
    {
      "lang": "es",
      "value": "D-Bus 1.3.0 hasta 1.6.x anterior a 1.6.24 y 1.8.x anterior a 1.8.8 no cierra correctamente las conexiones para procesos que hayan terminado, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio a trav\u00e9s de un mensaje D-bus que contiene un descriptor de ficheros de conexiones D-Bus."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/775.html\"\u003eCWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime\u003c/a\u003e",
  "id": "CVE-2014-3637",
  "lastModified": "2024-11-21T02:08:33.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-22T15:55:08.030",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-12-10 00:30
Modified
2024-11-21 00:51
Severity ?
Summary
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
References
secalert@redhat.comhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532
secalert@redhat.comhttp://forums.fedoraforum.org/showthread.php?t=206797
secalert@redhat.comhttp://lists.freedesktop.org/archives/dbus/2008-December/010702.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
secalert@redhat.comhttp://secunia.com/advisories/33047Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/33055Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/34360
secalert@redhat.comhttp://secunia.com/advisories/34642
secalert@redhat.comhttp://www.securityfocus.com/bid/32674
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/3355
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=18229
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=474895
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/47138
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532
af854a3a-2127-422b-91ae-364da2661108http://forums.fedoraforum.org/showthread.php?t=206797
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/dbus/2008-December/010702.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33047Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33055Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34360
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34642
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32674
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3355
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=18229
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=474895
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/47138
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA717BEA-178B-462B-A6D7-D355366F5A2C",
              "versionEndIncluding": "1.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2945FB-BDB8-49B7-BA9A-2BB390345FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FE08E05-948A-4A9C-BA91-B2935355D3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3D5A-8823-4365-83B9-1E370C131F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6262F9B-30B5-4A7E-AC49-B9221B06CA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F4A579-8F26-47CF-9AE0-41334A9751AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E12E1141-5FE4-43BF-B3A0-DC45C593F880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04817C0-14A2-4B75-8747-691D48E70BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C8C79E-AE58-48AE-89DB-E84637543783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED4ECF06-79CC-4142-BE6A-AF4E1E981543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87CC329-AF59-4882-82E1-851C4E0BB0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BDA4ACC-9166-491C-A8D4-A5418F3B0965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "084A8212-B0FC-41BA-9532-080E8F92B949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB88CDF-0C71-4FE7-9210-C43EBE806416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D84E94E-18EB-4276-AF55-2FB9850B08CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6D0AAC-7F4B-48FF-9ACB-8C8844BDD722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD40B16-FF56-4C23-B8A9-D79433713F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A81FE8-37A0-46CE-AAA4-F00CF4122C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8815B87-7910-4E41-AB28-AEAD9F53475A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCEF7E9B-3F19-48CF-862B-B5935824A4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB32F7B-8616-40F5-8D94-4FC97F6AD958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC42FAD-C541-4D91-BDF6-62AA1C894B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAECF21B-68AF-47D8-9540-BB0001087881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D0DE09-5F83-423B-AD86-033005D35994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6618ACC-B506-4A92-BE4F-346FAC29D24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB406736-7185-4E0A-ACC6-4F79AB312FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18867CA7-E4AE-4312-A6E8-0CC514FCF063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C443F3D-5BD0-4E89-99F1-1BC0798666F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA75AB4-4ADF-4E42-8840-B044DC4D9FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D809A431-7BA6-4C9F-8644-33A14389B289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "732CD552-3E19-4389-B426-77D5B473866F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1702AE33-38F4-40C5-B448-C863A7E95553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "3801D383-91A6-4F2F-87D5-32882005BF58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "2392266A-BE81-4494-81C3-942ED56B0558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCCA6868-E09D-4616-A9A8-EF63F20C981D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B6DA02-F08B-4ACE-8F93-F869467BC628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4E7E9B-722E-4EE1-A435-906DE07BEB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF4902A-5598-42B7-8BB0-E9F8AB645D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DEF0BA7-4EE6-482A-BFE4-A159A7C329AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E93056D8-497A-4C08-B3FA-8372A92A6ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0380A55A-541E-450B-8092-280BD5DA736D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C55E6EEB-A408-45F5-AF95-37DBDEBA17EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9908FE-6B10-41BF-ADE2-1639CAC1340E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA34903A-9D38-46FF-B702-D6BEECA96031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39753912-8A2D-49B0-B90B-43DAF723B34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FF206A-8E96-40A2-9687-E0C4F00F020F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto de system.conf en \r\nD-Bus (alias DBus) y versiones anteriores a 1.2.6 omite el atributo send_type en ciertas reglas, el cual permite a los usuarios locales evitar las restricciones de acceso (1) enviando mensajes, en relaci\u00f3n a send_requested_reply; y posiblemente (2) recibiendo mensajes, relativos a receive_requested_reply."
    }
  ],
  "id": "CVE-2008-4311",
  "lastModified": "2024-11-21T00:51:21.863",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-10T00:30:00.220",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://forums.fedoraforum.org/showthread.php?t=206797"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33047"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33055"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34360"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/32674"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/3355"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.fedoraforum.org/showthread.php?t=206797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.freedesktop.org/archives/dbus/2008-December/010702.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=18229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-10-10 00:15
Modified
2024-11-21 07:24
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
References
cve@mitre.orghttps://gitlab.freedesktop.org/dbus/dbus/-/issues/417Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/Mailing List
cve@mitre.orghttps://security.gentoo.org/glsa/202305-08Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2022/10/06/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.freedesktop.org/dbus/dbus/-/issues/417Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202305-08Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2022/10/06/1Mailing List, Patch, Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB582A56-F9D7-45F9-880E-93245BE7A0FA",
              "versionEndExcluding": "1.12.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA5B808-AAC0-4017-B952-B831E97D8F2F",
              "versionEndExcluding": "1.14.4",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB722CF-A75A-437E-B752-3E486464F03C",
              "versionEndExcluding": "1.15.2",
              "versionStartIncluding": "1.15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean bloqueados al enviar un mensaje con descriptores de archivo adjuntos en un formato no esperado"
    }
  ],
  "id": "CVE-2022-42012",
  "lastModified": "2024-11-21T07:24:15.933",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-10T00:15:09.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202305-08"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202305-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0395.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://secunia.com/advisories/61378
secalert@redhat.comhttp://secunia.com/advisories/61431
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3026
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/09/16/9
secalert@redhat.comhttp://www.securitytracker.com/id/1030864
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2352-1
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=81053Patch
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0395.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61378
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61431
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3026
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/09/16/9
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030864
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2352-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=81053Patch
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441",
              "versionEndIncluding": "1.6.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n bus_connections_check_reply en config-parser.c en D-Bus anterior a 1.6.24 y 1.8.x anterior a 1.8.8 permite a usuarios locales causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un n\u00famero grande de llamadas de m\u00e9todos."
    }
  ],
  "id": "CVE-2014-3638",
  "lastModified": "2024-11-21T02:08:33.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-22T15:55:08.077",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61431"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-06-08 03:15
Modified
2024-11-21 08:07
Summary
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0C27DA9-8223-4925-B3B8-4F36EB1FDD1F",
              "versionEndExcluding": "1.12.28",
              "versionStartIncluding": "1.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50ED37A-5986-4AB3-8D32-108D0BA2B9B8",
              "versionEndExcluding": "1.14.8",
              "versionStartIncluding": "1.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF88A5BF-3A26-4E9F-B19B-DB32F3185527",
              "versionEndExcluding": "1.15.6",
              "versionStartIncluding": "1.15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6."
    },
    {
      "lang": "es",
      "value": "D-Bus en versiones anteriores a v1.15.6 a veces permite a usuarios sin privilegios bloquear el \"dbus-daemon\". Si un usuario privilegiado con control sobre \"dbus-daemon\" est\u00e1 usando la interfaz \"org.freedesktop.DBus.Monitoring\" para monitorizar el tr\u00e1fico del bus de mensajes, entonces un usuario sin privilegios con la capacidad de conectarse al mismo \"dbus-daemon\" puede causar un fallo del \"dbus-daemon\" bajo algunas circunstancias a trav\u00e9s de un mensaje sin respuesta. Cuando se hace en el bus del sistema conocido, se trata de una vulnerabilidad de denegaci\u00f3n de servicio. Las versiones que corrigen esta vulnerabilidad son v1.12.28, v1.14.8 y v1.15.6. "
    }
  ],
  "id": "CVE-2023-34969",
  "lastModified": "2024-11-21T08:07:44.607",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-08T03:15:08.970",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0395.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://secunia.com/advisories/61378
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3026
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/09/16/9
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
secalert@redhat.comhttp://www.securitytracker.com/id/1030864
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2352-1
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=83622Patch
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0395.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61378
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3026
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/09/16/9
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030864
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2352-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=83622Patch
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441",
              "versionEndIncluding": "1.6.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure."
    },
    {
      "lang": "es",
      "value": "Error por un paso en D-Bus 1.3.0 hasta la versi\u00f3n 1.6.x en versiones anteriores a 1.6.24 y 1.8.x en versiones anteriores a 1.8.8, cuando cuando se ejecuta en sistemas de 64 bits y el l\u00edmite max_message_unix_fds est\u00e1 establecido en un n\u00famero impar, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda de dbus-daemon) o posiblemente ejecutar c\u00f3digo arbitrario enviando un descriptor de archivo superior al m\u00e1ximo, lo que desencadena un desbordamiento de buffer basado en memoria din\u00e1mica o un fallo de aserci\u00f3n."
    }
  ],
  "id": "CVE-2014-3635",
  "lastModified": "2024-11-21T02:08:33.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-22T15:55:07.983",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-10-07 21:01
Modified
2024-11-21 00:50
Severity ?
Summary
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
References
secalert@redhat.comhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
secalert@redhat.comhttp://secunia.com/advisories/32127Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/32230
secalert@redhat.comhttp://secunia.com/advisories/32281
secalert@redhat.comhttp://secunia.com/advisories/32385
secalert@redhat.comhttp://secunia.com/advisories/33396
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1658
secalert@redhat.comhttp://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:213
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-0008.html
secalert@redhat.comhttp://www.securityfocus.com/bid/31602
secalert@redhat.comhttp://www.securitytracker.com/id?1021063
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-653-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/2762
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=17803
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/45701
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
secalert@redhat.comhttps://www.exploit-db.com/exploits/7822
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32127Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32230
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32281
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32385
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33396
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1658
af854a3a-2127-422b-91ae-364da2661108http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:213
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-0008.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31602
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021063
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-653-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2762
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=17803
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45701
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/7822
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F812F6E2-0AFD-43E7-B41B-E42A40F7B9B1",
              "versionEndIncluding": "1.1.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2945FB-BDB8-49B7-BA9A-2BB390345FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FE08E05-948A-4A9C-BA91-B2935355D3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3D5A-8823-4365-83B9-1E370C131F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6262F9B-30B5-4A7E-AC49-B9221B06CA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F4A579-8F26-47CF-9AE0-41334A9751AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E12E1141-5FE4-43BF-B3A0-DC45C593F880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04817C0-14A2-4B75-8747-691D48E70BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C8C79E-AE58-48AE-89DB-E84637543783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED4ECF06-79CC-4142-BE6A-AF4E1E981543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87CC329-AF59-4882-82E1-851C4E0BB0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BDA4ACC-9166-491C-A8D4-A5418F3B0965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "084A8212-B0FC-41BA-9532-080E8F92B949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB88CDF-0C71-4FE7-9210-C43EBE806416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D84E94E-18EB-4276-AF55-2FB9850B08CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6D0AAC-7F4B-48FF-9ACB-8C8844BDD722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD40B16-FF56-4C23-B8A9-D79433713F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A81FE8-37A0-46CE-AAA4-F00CF4122C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8815B87-7910-4E41-AB28-AEAD9F53475A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCEF7E9B-3F19-48CF-862B-B5935824A4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB32F7B-8616-40F5-8D94-4FC97F6AD958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC42FAD-C541-4D91-BDF6-62AA1C894B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAECF21B-68AF-47D8-9540-BB0001087881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D0DE09-5F83-423B-AD86-033005D35994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6618ACC-B506-4A92-BE4F-346FAC29D24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB406736-7185-4E0A-ACC6-4F79AB312FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18867CA7-E4AE-4312-A6E8-0CC514FCF063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C443F3D-5BD0-4E89-99F1-1BC0798666F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA75AB4-4ADF-4E42-8840-B044DC4D9FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D809A431-7BA6-4C9F-8644-33A14389B289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "732CD552-3E19-4389-B426-77D5B473866F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1702AE33-38F4-40C5-B448-C863A7E95553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "2392266A-BE81-4494-81C3-942ED56B0558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCCA6868-E09D-4616-A9A8-EF63F20C981D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B6DA02-F08B-4ACE-8F93-F869467BC628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4E7E9B-722E-4EE1-A435-906DE07BEB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF4902A-5598-42B7-8BB0-E9F8AB645D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8671706-FC4E-4485-945C-C397C80D859E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA34903A-9D38-46FF-B702-D6BEECA96031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39753912-8A2D-49B0-B90B-43DAF723B34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus1.0:rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD645A12-104C-492E-88DF-564F5243908C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus1.0:rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8155853-ABF6-44D0-AC28-F57A3F31674A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus1.0:rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7B4067-5BE5-49AE-8118-9E5D0A09BBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus1.1.0:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10EE142-34F2-4BF3-A51A-5A6741F6C2E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n dbus_signature_validat en la librer\u00eda D-bus (libdbus), versiones anteriores a 1.2.4, permite a los atacantes remotos causar una denegaci\u00f3n de servicios (aplicaci\u00f3n suspendida) a trav\u00e9s de un mensaje que contiene una firma mal formada, el cual lanza un error assertion."
    }
  ],
  "id": "CVE-2008-3834",
  "lastModified": "2024-11-21T00:50:13.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-07T21:01:52.150",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32127"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32230"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32281"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32385"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33396"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1658"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/31602"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1021063"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-653-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2762"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.exploit-db.com/exploits/7822"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-653-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-07-01 17:55
Modified
2024-11-21 02:08
Severity ?
Summary
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0266.html
secalert@redhat.comhttp://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567Patch
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://seclists.org/oss-sec/2014/q2/509Patch
secalert@redhat.comhttp://secunia.com/advisories/59428
secalert@redhat.comhttp://secunia.com/advisories/59611
secalert@redhat.comhttp://secunia.com/advisories/59798
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-2971
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176
secalert@redhat.comhttp://www.securityfocus.com/bid/67986
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=78979
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0266.html
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q2/509Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59428
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59611
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59798
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2971
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67986
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=78979



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4C0086-D6E9-4CD1-9040-EB95758ED486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7F6C16-1844-4F12-A3FC-C2AC10805334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF98155-0783-4EF2-B9BB-618531386506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "627AC7FF-614F-4143-B068-129D56F47A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC10415-F373-4C1B-ACD5-BC1D90D60EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCD6303-8FC9-4B1B-9072-769F37624A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "75E0C99C-082B-4D68-97D2-0CC66FDF360E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA563AB-1D70-40E5-A758-232C4C9D5C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B75034-C869-4202-AEF1-8BA415D0584F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1C08CC-0038-40B0-8D8F-98B64ED6DCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF59F71-42DA-4E2F-AC3F-C497B74CE485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "36489DA8-B79B-4073-9737-36A1D1BFD42E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "20190232-8F31-4373-9609-BBF8A2534FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEA457CD-A86F-4609-A41B-EC17C278AD39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9645C83A-B9AE-4199-8BF9-F859D06521CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "1700DA29-C87F-4F90-9C8B-62E228C89E22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "440816BE-3817-48EC-8099-41DEC47ED8B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDAE1F4-584F-4B70-9263-E6153A7F892C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B154C1-28B1-4C8F-8D18-9A015CE81C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "357042A5-6CB3-44FD-AFAA-F626BBBA6747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FB75B1D-CB6D-4152-B4F2-C24A6E6F830B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service."
    },
    {
      "lang": "es",
      "value": "El demonio dbus en D-Bus 1.2.x hasta 1.4.x, 1.6.x anterior a 1.6.20, y 1.8.x anterior a 1.8.4, env\u00eda un error AccessDenied al servicio en lugar de al cliente cuando el cliente tiene prohibido el acceso al servicio, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (fallo de inicializaci\u00f3n y salida) o posiblemente realizar un ataque de canal lateral a trav\u00e9s de un mensaje D-Bus a un servicio inactivo."
    }
  ],
  "id": "CVE-2014-3477",
  "lastModified": "2024-11-21T02:08:11.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-01T17:55:04.277",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0266.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2014/q2/509"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59428"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59611"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59798"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2971"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/67986"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0266.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2014/q2/509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=78979"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-02-15 17:15
Modified
2024-11-21 05:27
Summary
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
Impacted products
Vendor Product Version
freedesktop dbus 1.12.20
linux linux_kernel -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.12.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D03731AA-A978-47F1-AE31-4873554468E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo de uso de la memoria previamente liberada D-Bus rama de desarrollo versiones iguales o anteriores a 1.13.16, dbus-1.12.x rama estable versiones iguales o anteriores a 1.12.18, y dbus-1.10.x y ramas anteriores versiones iguales o anteriores a 1.10.30 cuando un sistema tiene m\u00faltiples nombres de usuario que comparten el mismo UID. Cuando un conjunto de reglas de pol\u00edtica hace referencia a estos nombres de usuario, D-Bus puede liberar algo de memoria en la pila, que sigue siendo utilizada por las estructuras de datos necesarias para los otros nombres de usuario que comparten el UID, lo que puede provocar un fallo u otros comportamientos indefinidos"
    }
  ],
  "id": "CVE-2020-35512",
  "lastModified": "2024-11-21T05:27:28.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-15T17:15:12.993",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.gentoo.org/755392"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.gentoo.org/755392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-03 18:55
Modified
2024-11-21 01:51
Severity ?
Summary
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
References
secalert@redhat.comhttp://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html
secalert@redhat.comhttp://lists.freedesktop.org/archives/dbus/2013-June/015696.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://secunia.com/advisories/53317Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/53832Vendor Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2707
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:177
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/06/13/2
secalert@redhat.comhttp://www.securityfocus.com/bid/60546
secalert@redhat.comhttp://www.securitytracker.com/id/1028667
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1874-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=974109
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/dbus/2013-June/015696.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53317Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53832Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2707
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:177
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/06/13/2
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/60546
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028667
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1874-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=974109
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1962D7CC-418B-4D27-A3D1-03D2AC001AC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F81D07-F1B6-4B99-B80E-BE2D9432F59A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n _dbus_printf_string_upper_bound en dbus/dbus-sysdeps-unix.c en D-Bus (aka DBus) 1.4.x anterior a 1.4.26, 1.6.x anterior a 1.6.12, y 1.7.x anterior a 1.7.4, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio) a trav\u00e9s de un mensaje manipulado."
    }
  ],
  "id": "CVE-2013-2168",
  "lastModified": "2024-11-21T01:51:10.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-03T18:55:01.080",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53317"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53832"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2707"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/60546"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1028667"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1874-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/60546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1874-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-10-10 00:15
Modified
2024-11-21 07:24
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
References
cve@mitre.orghttps://gitlab.freedesktop.org/dbus/dbus/-/issues/418Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/Mailing List
cve@mitre.orghttps://security.gentoo.org/glsa/202305-08Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2022/10/06/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.freedesktop.org/dbus/dbus/-/issues/418Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202305-08Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2022/10/06/1Mailing List, Patch, Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB582A56-F9D7-45F9-880E-93245BE7A0FA",
              "versionEndExcluding": "1.12.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA5B808-AAC0-4017-B952-B831E97D8F2F",
              "versionEndExcluding": "1.14.4",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB722CF-A75A-437E-B752-3E486464F03C",
              "versionEndExcluding": "1.15.2",
              "versionStartIncluding": "1.15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean bloqueados cuando reciben un mensaje con determinadas firmas de tipo no v\u00e1lido"
    }
  ],
  "id": "CVE-2022-42010",
  "lastModified": "2024-11-21T07:24:15.583",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-10T00:15:09.510",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202305-08"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202305-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-02-13 15:59
Modified
2024-11-21 02:22
Severity ?
Summary
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8E5358-8466-4D3A-8AE4-3EE55700140D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B175C3A-44FC-4069-99F4-CFF78DAF6C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36C6830D-92D2-49EC-BD13-BA7EE7720E61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E33E9B8-4543-46D0-837B-DCCAC25C47E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "831CFD41-47B0-4920-B118-7AD2CAFBFA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1D15D9-89A1-4742-8613-4CFF215525DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B38D12A6-4ED9-4510-BA44-3CD0B1A2163B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "835DB488-7518-48D8-84C0-9683DB17BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B63977B-D6F0-4C62-8333-EF7EBE21D030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1664AE8-6009-4CC1-8A4A-C3E55C431018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B45E579-E43F-4725-A5AE-5194B6126ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "59787F9D-0D7E-483F-BFAE-4426523C518A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "760A9BEA-337D-45D7-83B3-5446A0841277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E6D58E5-A652-4A45-A4A0-53B98FB8B251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB313FC3-FE3E-43B5-8B3B-146D03EA2BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE1EB43-CF8C-4E61-A262-CDB0DAE862D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCE5143A-1691-4C95-9C39-87C575FDE7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4037B8B-16F0-490F-AF47-269D990E30F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds."
    },
    {
      "lang": "es",
      "value": "D-Bus 1.4.x hasta 1.6.x anterior a 1.6.30, 1.8.x anterior a 1.8.16, y 1.9.x anterior a 1.9.10 no valida la fuente de los se\u00f1ales ActivationFailure, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (retorno del error del fallo de activaci\u00f3n) mediante el aprovechamiento de una condici\u00f3n de carrera que involucra el env\u00edo de un se\u00f1al ActivationFailure antes de que systemd responda."
    }
  ],
  "id": "CVE-2015-0245",
  "lastModified": "2024-11-21T02:22:38.547",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-13T15:59:08.337",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2015-0071.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3161"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2015-0071.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-11-18 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1D15D9-89A1-4742-8613-4CFF215525DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B38D12A6-4ED9-4510-BA44-3CD0B1A2163B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1664AE8-6009-4CC1-8A4A-C3E55C431018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E6D58E5-A652-4A45-A4A0-53B98FB8B251",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1."
    },
    {
      "lang": "es",
      "value": "D-Bus hasta 1.3.0 y 1.6.x antes de 1.6.26, 1.8.x antes de 1.8.10, y 1.9.x antes de 1.9.2 permite a usuarios locales provocar una denegaci\u00f3n de servicio (la prevenci\u00f3n de nuevas conexiones y ca\u00edda de conexi\u00f3n) colocando en cola el n\u00famero m\u00e1ximo de descriptores de archivos. NOTA: esta vulnerabilidad existe debido a que no se completo la soluci\u00f3n para CVE-2014 a 3.636,1."
    }
  ],
  "id": "CVE-2014-7824",
  "lastModified": "2024-11-21T02:18:05.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-18T15:59:04.017",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62603"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3099"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/71012"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2425-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2425-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0395.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://secunia.com/advisories/61378
secalert@redhat.comhttp://secunia.com/advisories/61431
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3026
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/09/16/9
secalert@redhat.comhttp://www.securitytracker.com/id/1030864
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2352-1
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=80919Patch
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0395.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61378
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61431
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3026
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/09/16/9
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030864
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2352-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=80919Patch
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441",
              "versionEndIncluding": "1.6.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections."
    },
    {
      "lang": "es",
      "value": "El demonio de dbus en D-Bus anterior a 1.6.24 y 1.8.x anterior a 1.8.8 no cierra debidamente conexiones antiguas, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (conexiones consumo incompleto y prevenci\u00f3n de nuevas conexiones) a trav\u00e9s de un gran n\u00famero de conexiones incompletas."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/774.html\"\u003eCWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling\u003c/a\u003e",
  "id": "CVE-2014-3639",
  "lastModified": "2024-11-21T02:08:33.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-22T15:55:08.123",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61431"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-10-10 00:15
Modified
2024-11-21 07:24
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
References
cve@mitre.orghttps://gitlab.freedesktop.org/dbus/dbus/-/issues/413Exploit, Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/Mailing List
cve@mitre.orghttps://security.gentoo.org/glsa/202305-08Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2022/10/06/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.freedesktop.org/dbus/dbus/-/issues/413Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202305-08Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2022/10/06/1Mailing List, Patch, Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB582A56-F9D7-45F9-880E-93245BE7A0FA",
              "versionEndExcluding": "1.12.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA5B808-AAC0-4017-B952-B831E97D8F2F",
              "versionEndExcluding": "1.14.4",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB722CF-A75A-437E-B752-3E486464F03C",
              "versionEndExcluding": "1.15.2",
              "versionStartIncluding": "1.15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean bloqueados cuando reciben un mensaje en el que la longitud de un array es inconsistente con el tama\u00f1o del tipo de elemento"
    }
  ],
  "id": "CVE-2022-42011",
  "lastModified": "2024-11-21T07:24:15.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-10T00:15:09.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202305-08"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202305-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-129"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-11 17:29
Modified
2024-12-06 14:15
Summary
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/06/11/2Mailing List, Mitigation, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/108751
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:1726
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2868
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2870
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3707
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/06/msg00005.html
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jun/16
cve@mitre.orghttps://security.gentoo.org/glsa/201909-08
cve@mitre.orghttps://usn.ubuntu.com/4015-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4015-2/
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4462
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2019/06/11/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/06/11/2Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108751
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1726
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2868
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2870
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3707
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jun/16
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201909-08
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20241206-0010/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4015-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4015-2/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4462
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2019/06/11/2Mailing List, Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB8AD8B7-BB21-4B52-8CD8-49DD5C87DBF3",
              "versionEndExcluding": "1.10.28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0571A7C4-39AA-4DA6-B221-94D2DCEAF0F0",
              "versionEndExcluding": "1.12.16",
              "versionStartIncluding": "1.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54E6DF36-CADE-4D21-8106-C13076B54198",
              "versionEndExcluding": "1.13.12",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass."
    },
    {
      "lang": "es",
      "value": "dbus anterior a versi\u00f3n 1.10.28, versi\u00f3n 1.12.x anterior a 1.12.16, y versi\u00f3n 1.13.x anterior a 1.13.12, como es usado en DBusServer en Canonst Upstart en Ubuntu versi\u00f3n 14.04 (y en algunos usos menos comunes de demonio dbus), permite suplantaci\u00f3n de identidad de cookie debido al manejo inapropiado de enlaces simb\u00f3licos (symlink) en la implementaci\u00f3n de referencia de DBUS_COOKIE_SHA1 en la biblioteca libdbus. (Esto solo afecta el mecanismo de autenticaci\u00f3n DBUS_COOKIE_SHA1). Un cliente malicioso con acceso de escritura a su propio directorio de inicio podr\u00eda manipular un enlace simb\u00f3lico ~/.dbus-keyrings para hacer que un DBusServer con un uid diferente lea y escriba en ubicaciones no deseadas. En el peor de los casos, esto podr\u00eda hacer que DBusServer reutilice una cookie que es conocida por el cliente malicioso, y tratar esa cookie como evidencia de que una conexi\u00f3n de cliente subsiguiente provino de un uid elegido por el atacante, lo que permite la omisi\u00f3n de autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2019-12749",
  "lastModified": "2024-12-06T14:15:18.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-11T17:29:00.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/108751"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:1726"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:2868"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:2870"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3707"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://seclists.org/bugtraq/2019/Jun/16"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201909-08"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4015-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4015-2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2019/dsa-4462"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/108751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Jun/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201909-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20241206-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4015-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4015-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2019/dsa-4462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-04-27 18:00
Modified
2024-11-21 01:01
Severity ?
Summary
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
References
secalert@redhat.comhttp://bugs.freedesktop.org/show_bug.cgi?id=17803Exploit
secalert@redhat.comhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhat.comhttp://lists.vmware.com/pipermail/security-announce/2010/000082.html
secalert@redhat.comhttp://secunia.com/advisories/32127Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/35810Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/38794Vendor Advisory
secalert@redhat.comhttp://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88aPatch, Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/04/16/13
secalert@redhat.comhttp://www.securityfocus.com/bid/31602Exploit
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0528Vendor Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50385
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2010-0095.html
secalert@redhat.comhttps://usn.ubuntu.com/799-1/
af854a3a-2127-422b-91ae-364da2661108http://bugs.freedesktop.org/show_bug.cgi?id=17803Exploit
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2010/000082.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32127Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35810Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38794Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88aPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/04/16/13
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31602Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0528Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50385
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2010-0095.html
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/799-1/



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB9F83F6-FFF0-456A-87D1-A546FAA09F02",
              "versionEndIncluding": "1.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2945FB-BDB8-49B7-BA9A-2BB390345FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FE08E05-948A-4A9C-BA91-B2935355D3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3D5A-8823-4365-83B9-1E370C131F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6262F9B-30B5-4A7E-AC49-B9221B06CA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F4A579-8F26-47CF-9AE0-41334A9751AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E12E1141-5FE4-43BF-B3A0-DC45C593F880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04817C0-14A2-4B75-8747-691D48E70BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C8C79E-AE58-48AE-89DB-E84637543783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED4ECF06-79CC-4142-BE6A-AF4E1E981543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87CC329-AF59-4882-82E1-851C4E0BB0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BDA4ACC-9166-491C-A8D4-A5418F3B0965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "084A8212-B0FC-41BA-9532-080E8F92B949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB88CDF-0C71-4FE7-9210-C43EBE806416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D84E94E-18EB-4276-AF55-2FB9850B08CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6D0AAC-7F4B-48FF-9ACB-8C8844BDD722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD40B16-FF56-4C23-B8A9-D79433713F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A81FE8-37A0-46CE-AAA4-F00CF4122C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8815B87-7910-4E41-AB28-AEAD9F53475A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCEF7E9B-3F19-48CF-862B-B5935824A4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB32F7B-8616-40F5-8D94-4FC97F6AD958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC42FAD-C541-4D91-BDF6-62AA1C894B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAECF21B-68AF-47D8-9540-BB0001087881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D0DE09-5F83-423B-AD86-033005D35994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6618ACC-B506-4A92-BE4F-346FAC29D24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB406736-7185-4E0A-ACC6-4F79AB312FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18867CA7-E4AE-4312-A6E8-0CC514FCF063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C443F3D-5BD0-4E89-99F1-1BC0798666F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA75AB4-4ADF-4E42-8840-B044DC4D9FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D809A431-7BA6-4C9F-8644-33A14389B289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "732CD552-3E19-4389-B426-77D5B473866F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1702AE33-38F4-40C5-B448-C863A7E95553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "3801D383-91A6-4F2F-87D5-32882005BF58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "2392266A-BE81-4494-81C3-942ED56B0558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCCA6868-E09D-4616-A9A8-EF63F20C981D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B6DA02-F08B-4ACE-8F93-F869467BC628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4E7E9B-722E-4EE1-A435-906DE07BEB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF4902A-5598-42B7-8BB0-E9F8AB645D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DEF0BA7-4EE6-482A-BFE4-A159A7C329AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E93056D8-497A-4C08-B3FA-8372A92A6ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0380A55A-541E-450B-8092-280BD5DA736D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C55E6EEB-A408-45F5-AF95-37DBDEBA17EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8671706-FC4E-4485-945C-C397C80D859E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9908FE-6B10-41BF-ADE2-1639CAC1340E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA34903A-9D38-46FF-B702-D6BEECA96031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39753912-8A2D-49B0-B90B-43DAF723B34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FF206A-8E96-40A2-9687-E0C4F00F020F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA580B9B-F975-4667-9ECC-703E2B16D24C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key.  NOTE: this is due to an incorrect fix for CVE-2008-3834."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n _dbus_validate_signature_with_reason (dbus-marshal-validate.c) en D-Bus (tambi\u00e9n conocido como DBus) en versiones anteriores a 1.2.14 utiliza l\u00f3gica incorrecta para validar un tipo b\u00e1sico, lo que permite a atacantes remotos suplantar una firma a trav\u00e9s de una clave manipulada. NOTA: esto es debido a una soluci\u00f3n incorrecta para CVE-2008-3834."
    }
  ],
  "id": "CVE-2009-1189",
  "lastModified": "2024-11-21T01:01:52.520",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-27T18:00:00.267",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32127"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35810"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31602"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/799-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/04/16/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/799-1/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-02-29 19:44
Modified
2024-11-21 00:42
Severity ?
Summary
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
References
secalert@redhat.comhttp://lists.freedesktop.org/archives/dbus/2008-February/009401.htmlPatch, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlThird Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/29148Broken Link
secalert@redhat.comhttp://secunia.com/advisories/29160Broken Link
secalert@redhat.comhttp://secunia.com/advisories/29171Broken Link
secalert@redhat.comhttp://secunia.com/advisories/29173Broken Link
secalert@redhat.comhttp://secunia.com/advisories/29281Broken Link
secalert@redhat.comhttp://secunia.com/advisories/29323Broken Link
secalert@redhat.comhttp://secunia.com/advisories/30869Broken Link
secalert@redhat.comhttp://secunia.com/advisories/32281Broken Link
secalert@redhat.comhttp://securitytracker.com/id?1019512Third Party Advisory, VDB Entry
secalert@redhat.comhttp://wiki.rpath.com/Advisories:rPSA-2008-0099Third Party Advisory
secalert@redhat.comhttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1599Third Party Advisory
secalert@redhat.comhttp://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:054Broken Link
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0159.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/489280/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/bid/28023Patch, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-653-1Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/0694Broken Link
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-2282Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353Broken Link
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/dbus/2008-February/009401.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29148Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29160Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29171Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29173Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29281Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29323Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30869Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32281Broken Link
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1019512Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/Advisories:rPSA-2008-0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1599Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:054Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0159.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/489280/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28023Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-653-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0694Broken Link
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-2282Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353Broken Link
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.htmlThird Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.0_x86_64:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4784E4-24D1-4E22-B880-846F21F52F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7AD2F3-451D-4F37-A6F3-DE676804BBA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*",
              "matchCriteriaId": "5454336D-724E-4027-A642-1EFCB79C1ADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53965B9B-5A2C-4899-9DDD-8995BFED40BA",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1C1F814-9430-464F-9376-B23363473BF9",
              "versionEndExcluding": "1.1.20",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface."
    },
    {
      "lang": "es",
      "value": "dbus-daemon en D-Bus anterior a 1.0.3 y 1.1.x anterior a 1.1.20, reconoce atributos de send_interface en directivas de permiso en la pol\u00edtica de seguridad s\u00f3lo para llamadas a m\u00e9todos completamente cualificados, esto permite a usuarios locales evitar las restricciones de acceso pretendidas mediante llamadas a m\u00e9todos con una interfaz NULL."
    }
  ],
  "id": "CVE-2008-0595",
  "lastModified": "2024-11-21T00:42:28.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-29T19:44:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29148"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29160"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29171"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29173"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29281"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29323"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/30869"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/32281"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1019512"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1599"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/28023"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-653-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0694"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://issues.rpath.com/browse/RPL-2282"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lists.freedesktop.org/archives/dbus/2008-February/009401.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/30869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/32281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1019512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.j5live.com/2008/02/27/announce-d-bus-1120-conisten-water-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0159.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/489280/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/28023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-653-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://issues.rpath.com/browse/RPL-2282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00893.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00911.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-06-22 22:55
Modified
2024-11-21 01:27
Severity ?
Summary
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
References
secalert@redhat.comhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
secalert@redhat.comhttp://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336ePatch
secalert@redhat.comhttp://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7Patch
secalert@redhat.comhttp://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2Patch
secalert@redhat.comhttp://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
secalert@redhat.comhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhat.comhttp://lists.freedesktop.org/archives/dbus/2007-March/007357.html
secalert@redhat.comhttp://lists.freedesktop.org/archives/dbus/2011-May/014408.html
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/06/12/1Patch
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/06/12/2
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/06/13/12Patch
secalert@redhat.comhttp://secunia.com/advisories/44896Vendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1132.html
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=38120
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=712676Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67974
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336ePatch
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7Patch
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2Patch
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/dbus/2011-May/014408.html
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/06/12/1Patch
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/06/12/2
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/06/13/12Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44896Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1132.html
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=38120
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=712676Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/67974
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:permissive",
              "matchCriteriaId": "7EC60852-AB03-4B8D-B5A0-1114863787D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:permissive",
              "matchCriteriaId": "3B95EA9A-9636-4201-953C-585109E029A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:permissive",
              "matchCriteriaId": "3715D2CE-2CB4-4097-8515-C8F964DB7461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D763F9DE-EC14-4B65-89D4-6F8FDEE90047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "627AC7FF-614F-4143-B068-129D56F47A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC10415-F373-4C1B-ACD5-BC1D90D60EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCD6303-8FC9-4B1B-9072-769F37624A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "75E0C99C-082B-4D68-97D2-0CC66FDF360E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA563AB-1D70-40E5-A758-232C4C9D5C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B75034-C869-4202-AEF1-8BA415D0584F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1C08CC-0038-40B0-8D8F-98B64ED6DCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF59F71-42DA-4E2F-AC3F-C497B74CE485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "36489DA8-B79B-4073-9737-36A1D1BFD42E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "20190232-8F31-4373-9609-BBF8A2534FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEA457CD-A86F-4609-A41B-EC17C278AD39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9645C83A-B9AE-4199-8BF9-F859D06521CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "1700DA29-C87F-4F90-9C8B-62E228C89E22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n _dbus_header_byteswap en dbus-marshal-header.c en D-Bus (tambi\u00e9n conocido como Dbus) v1.2.x antes de v1.2.28, v1.4.x antes de v1.4.12, y v1.5 antes de v1.5.4 no controla correctamente un orden de bytes no-nativos, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (p\u00e9rdida de la conexi\u00f3n), obtener informaci\u00f3n potencialmente sensible, o llevar a cabo ataques de modificacion de estado no especificados a trav\u00e9s de mensajes manipulados."
    }
  ],
  "id": "CVE-2011-2200",
  "lastModified": "2024-11-21T01:27:48.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-06-22T22:55:04.107",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/06/12/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/06/12/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/06/13/12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44896"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2\u0026id=6519a1f77c61d753d4c97efd6e15630eb275336e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4\u0026id=c3223ba6c401ba81df1305851312a47c485e6cd7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/06/12/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/06/12/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/06/13/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-07-19 19:55
Modified
2024-11-21 02:08
Severity ?
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0294.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2014/07/02/4Mailing List, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/59611Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/59798Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/60236Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-2971Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=80163Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0294.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/07/02/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59611Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59798Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60236Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2971Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:176Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=80163Issue Tracking, Patch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "014545A6-0813-49A4-B85B-1A17B9375102",
              "versionEndExcluding": "1.6.22",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43371D3E-BE49-4449-B10A-C9AEE9007B8A",
              "versionEndExcluding": "1.8.6",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "104AEA5F-7AE2-41AA-BEF1-F71BB6D45788",
              "versionStartIncluding": "2.6.38",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:-:*:*:*:*:*:*",
              "matchCriteriaId": "79F8D440-02E8-4BF7-8F56-31E4F349166B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "F157225D-C62C-465D-A758-DE6A6C48C397",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "77BB49A9-39D0-49C4-A241-D1537590F508",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "1BE3273F-0DB1-4607-B92B-C0A7BC099C91",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF52C2-38F2-45C0-B6E7-7096B8A4FEEC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "13205DB7-6988-4D68-A944-B1EA3C145B9E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76F1E356-E019-47E8-AA5F-702DA93CF74E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded."
    },
    {
      "lang": "es",
      "value": "dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6, cuando funciona en Linux 2.6.37-rc4 o posteriores, permite a usuarios locales causar una denegaci\u00f3n de servicio (desconexi\u00f3n del bus del sistema de otros servicios o aplicaciones) mediante el env\u00edo de un mensaje que contiene un descriptor de ficheros, y posteriormente el exceso en la profundidad m\u00e1xima de recursi\u00f3n antes de enviar el mensaje inicial."
    }
  ],
  "id": "CVE-2014-3532",
  "lastModified": "2024-11-21T02:08:18.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-19T19:55:07.950",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59611"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59798"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/60236"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2971"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/60236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-06-22 23:55
Modified
2024-11-21 01:28
Severity ?
Summary
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
Impacted products
Vendor Product Version
freedesktop dbus 1.2.1
freedesktop dbus 1.2.3
freedesktop dbus 1.2.4
freedesktop dbus 1.2.6
freedesktop dbus 1.2.8
freedesktop dbus 1.2.10
freedesktop dbus 1.2.12
freedesktop dbus 1.2.14
freedesktop dbus 1.2.16
freedesktop dbus 1.2.18
freedesktop dbus 1.2.20
freedesktop dbus 1.2.22
freedesktop dbus 1.2.24
freedesktop dbus 1.2.26



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BDF532-871B-4A0B-B536-038545C2339C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "627AC7FF-614F-4143-B068-129D56F47A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC10415-F373-4C1B-ACD5-BC1D90D60EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCD6303-8FC9-4B1B-9072-769F37624A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "75E0C99C-082B-4D68-97D2-0CC66FDF360E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA563AB-1D70-40E5-A758-232C4C9D5C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B75034-C869-4202-AEF1-8BA415D0584F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1C08CC-0038-40B0-8D8F-98B64ED6DCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF59F71-42DA-4E2F-AC3F-C497B74CE485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "36489DA8-B79B-4073-9737-36A1D1BFD42E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "20190232-8F31-4373-9609-BBF8A2534FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEA457CD-A86F-4609-A41B-EC17C278AD39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9645C83A-B9AE-4199-8BF9-F859D06521CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "1700DA29-C87F-4F90-9C8B-62E228C89E22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/."
    },
    {
      "lang": "es",
      "value": "La secuencia de comandos de configuraci\u00f3n de D-Bus (tambi\u00e9n conocido como DBus) v1.2.x antes de v1.2.28 permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en un archivo especificado en /tmp/."
    }
  ],
  "id": "CVE-2011-2533",
  "lastModified": "2024-11-21T01:28:29.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-06-22T23:55:00.683",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025720"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-08 17:15
Modified
2024-11-21 04:59
Summary
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
References
cve@mitre.orghttp://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2020/06/04/3Mailing List, Patch, Third Party Advisory
cve@mitre.orghttps://gitlab.freedesktop.org/dbus/dbus/-/issues/294Exploit, Third Party Advisory
cve@mitre.orghttps://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30Third Party Advisory
cve@mitre.orghttps://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18Third Party Advisory
cve@mitre.orghttps://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202007-46Third Party Advisory
cve@mitre.orghttps://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leakExploit, Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4398-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4398-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/06/04/3Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.freedesktop.org/dbus/dbus/-/issues/294Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202007-46Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leakExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4398-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4398-2/Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DAA98B8-A6E1-4233-9A80-7963ED2FBC01",
              "versionEndExcluding": "1.12.18",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in dbus \u003e= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service\u0027s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en dbus versiones posteriores a 1.3.0 e incluy\u00e9ndola y anteriores a 1.12.18. El DBusServer en libdbus, como es usado en dbus-daemon, filtra los descriptores de archivo cuando un mensaje excede el l\u00edmite del descriptor de archivo por mensaje. Un atacante local con acceso al bus del sistema D-Bus o al socket AF_UNIX privado de otro servicio del sistema podr\u00eda utilizar esto para hacer que el servicio del sistema alcance su l\u00edmite del descriptor de archivos, negando el servicio a los clientes posteriores de D-Bus"
    }
  ],
  "id": "CVE-2020-12049",
  "lastModified": "2024-11-21T04:59:10.813",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-08T17:15:09.910",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-46"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4398-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4398-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-46"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4398-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4398-2/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}