gsd-2023-34969
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2023-34969",
    "id": "GSD-2023-34969"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-34969"
      ],
      "details": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.",
      "id": "GSD-2023-34969",
      "modified": "2023-12-13T01:20:30.980149Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-34969",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457",
            "refsource": "MISC",
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
          },
          {
            "name": "FEDORA-2023-d22162d9ba",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
          },
          {
            "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231208-0007/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B0C27DA9-8223-4925-B3B8-4F36EB1FDD1F",
                    "versionEndExcluding": "1.12.28",
                    "versionStartIncluding": "1.12.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B50ED37A-5986-4AB3-8D32-108D0BA2B9B8",
                    "versionEndExcluding": "1.14.8",
                    "versionStartIncluding": "1.14.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AF88A5BF-3A26-4E9F-B19B-DB32F3185527",
                    "versionEndExcluding": "1.15.6",
                    "versionStartIncluding": "1.15.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6."
          },
          {
            "lang": "es",
            "value": "D-Bus en versiones anteriores a v1.15.6 a veces permite a usuarios sin privilegios bloquear el \"dbus-daemon\". Si un usuario privilegiado con control sobre \"dbus-daemon\" est\u00e1 usando la interfaz \"org.freedesktop.DBus.Monitoring\" para monitorizar el tr\u00e1fico del bus de mensajes, entonces un usuario sin privilegios con la capacidad de conectarse al mismo \"dbus-daemon\" puede causar un fallo del \"dbus-daemon\" bajo algunas circunstancias a trav\u00e9s de un mensaje sin respuesta. Cuando se hace en el bus del sistema conocido, se trata de una vulnerabilidad de denegaci\u00f3n de servicio. Las versiones que corrigen esta vulnerabilidad son v1.12.28, v1.14.8 y v1.15.6. "
          }
        ],
        "id": "CVE-2023-34969",
        "lastModified": "2023-12-27T16:36:58.353",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-06-08T03:15:08.970",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Mitigation",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.