Vulnerabilities > CVE-2014-3477
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-557.NASL description The DBUS-1 service and libraries were updated to upstream release 1.6.24 fixing security issues and bugs. Upstream changes since dbus 1.6.8 + Security fixes - Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635, fdo#83622; Simon McVittie) - Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus last seen 2020-06-05 modified 2014-09-26 plugin id 77890 published 2014-09-26 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77890 title openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1239-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-557. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(77890); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-2168", "CVE-2014-3477", "CVE-2014-3532", "CVE-2014-3533", "CVE-2014-3635", "CVE-2014-3636", "CVE-2014-3637", "CVE-2014-3638", "CVE-2014-3639"); script_name(english:"openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1239-1)"); script_summary(english:"Check for the openSUSE-2014-557 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The DBUS-1 service and libraries were updated to upstream release 1.6.24 fixing security issues and bugs. Upstream changes since dbus 1.6.8 + Security fixes - Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635, fdo#83622; Simon McVittie) - Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus' file descriptors under Linux's default rlimit. Distributors or system administrators with a more restrictive fd limit may wish to reduce these limits further. Additionally, on Linux this prevents a second denial of service in which the dbus-daemon can be made to exceed the maximum number of fds per sendmsg() and disconnect the process that would have received them. (CVE-2014-3636, fdo#82820; Alban Crequy) - Disconnect connections that still have a fd pending unmarshalling after a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), removing the possibility of creating an abusive connection that cannot be disconnected by setting up a circular reference to a connection's file descriptor. (CVE-2014-3637, fdo#80559; Alban Crequy) - Reduce default for maximum pending replies per connection from 8192 to 128, mitigating an algorithmic complexity denial-of-service attack (CVE-2014-3638, fdo#81053; Alban Crequy) - Reduce default for authentication timeout on the system bus from 30 seconds to 5 seconds, avoiding denial of service by using up all unauthenticated connection slots; and when all unauthenticated connection slots are used up, make new connection attempts block instead of disconnecting them. (CVE-2014-3639, fdo#80919; Alban Crequy) - On Linux >= 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop the message. This prevents an attack in which a malicious client can make dbus-daemon disconnect a system service, which is a local denial of service. (fdo#80163, CVE-2014-3532; Alban Crequy) - Track remaining Unix file descriptors correctly when more than one message in quick succession contains fds. This prevents another attack which a malicious client can make dbus-daemon disconnect a system service. (fdo#79694, fdo#80469, CVE-2014-3533; Alejandro Martínez Suárez, Simon McVittie, Alban Crequy) - Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate. (CVE-2014-3477, fdo#78979) - CVE-2013-2168: Fix misuse of va_list that could be used as a denial of service for system services. Vulnerability reported by Alexandru Cornea. (Simon) + Other fixes - Don't leak memory on out-of-memory while listing activatable or active services (fdo#71526, Radoslaw Pajak) - fix undefined behaviour in a regression test (fdo#69924, DreamNik) - path_namespace='/' in match rules incorrectly matched nothing; it now matches everything. (fdo#70799, Simon McVittie) - Make dbus_connection_set_route_peer_messages(x, FALSE) behave as documented. Previously, it assumed its second parameter was TRUE. (fdo#69165, Chengwei Yang) - Fix a NULL pointer dereference on an unlikely error path (fdo#69327, Sviatoslav Chagaev) - If accept4() fails with EINVAL, as it can on older Linux kernels with newer glibc, try accept() instead of going into a busy-loop. (fdo#69026, Chengwei Yang) - If socket() or socketpair() fails with EINVAL or EPROTOTYPE, for instance on Hurd or older Linux with a new glibc, try without SOCK_CLOEXEC. (fdo#69073; Pino Toscano, Chengwei Yang) - Fix a file descriptor leak on an error code path. (fdo#69182, Sviatoslav Chagaev) - Fix compilation if writev() is unavailable (fdo#69409, Vasiliy Balyasnyy) - Avoid an infinite busy-loop if a signal interrupts waitpid() (fdo#68945, Simon McVittie) - Escape addresses containing non-ASCII characters correctly (fdo#53499, Chengwei Yang) - If malloc() returns NULL in _dbus_string_init() or similar, don't free an invalid pointer if the string is later freed (fdo#65959, Chengwei Yang) - If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list that was never va_start()ed (fdo#66300, Chengwei Yang) - Fix a regression test on platforms with strict alignment (fdo#67279, Colin Walters) - Avoid calling function parameters 'interface' since certain Windows headers have a namespace-polluting macro of that name (fdo#66493, Ivan Romanov) - Make 'make -j check' work (fdo#68852, Simon McVittie) - In dbus-daemon, don't crash if a .service file starts with key=value (fdo#60853, Chengwei Yang) - Fix an assertion failure if we try to activate systemd services before systemd connects to the bus (fdo#50199, Chengwei Yang) - Avoid compiler warnings for ignoring the return from write() (Chengwei Yang) - Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF, U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fdo#63072, Simon McVittie) - Diagnose incorrect use of dbus_connection_get_data() with negative slot (i.e. before allocating the slot) rather than returning junk (fdo#63127, Dan Williams) - In the activation helper, when compiled for tests, do not reset the system bus address, fixing the regression tests. (fdo#52202, Simon) - Fix building with Valgrind 3.8, at the cost of causing harmless warnings with Valgrind 3.6 on some compilers (fdo#55932, Arun Raghavan) - Don't leak temporary fds pointing to /dev/null (fdo#56927, Michel HERMIER) - Create session.d, system.d directories under CMake (fdo#41319, Ralf Habacker) - Include alloca.h for alloca() if available, fixing compilation on Solaris 10 (fdo#63071, Dagobert Michelsen)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896453" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" ); script_set_attribute( attribute:"solution", value:"Update the affected dbus-1 packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-debuginfo-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-debugsource-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-devel-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-debuginfo-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-debugsource-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libdbus-1-3-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libdbus-1-3-debuginfo-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-32bit-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-debuginfo-32bit-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-devel-32bit-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libdbus-1-3-32bit-1.6.24-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libdbus-1-3-debuginfo-32bit-1.6.24-2.26.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus-1"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2971.NASL description Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-3477 Alban Crequy at Collabora Ltd. discovered that dbus-daemon sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service. A local attacker could use this flaw to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service. - CVE-2014-3532 Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon last seen 2020-03-17 modified 2014-07-03 plugin id 76349 published 2014-07-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76349 title Debian DSA-2971-1 : dbus - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2971. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(76349); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-3477", "CVE-2014-3532", "CVE-2014-3533"); script_bugtraq_id(67986, 68337, 68339); script_xref(name:"DSA", value:"2971"); script_name(english:"Debian DSA-2971-1 : dbus - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-3477 Alban Crequy at Collabora Ltd. discovered that dbus-daemon sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service. A local attacker could use this flaw to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service. - CVE-2014-3532 Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's support for file descriptor passing. A malicious process could force system services or user applications to be disconnected from the D-Bus system by sending them a message containing a file descriptor, leading to a denial of service. - CVE-2014-3533 Alban Crequy at Collabora Ltd. and Alejandro Martinez Suarez discovered that a malicious process could force services to be disconnected from the D-Bus system by causing dbus-daemon to attempt to forward invalid file descriptors to a victim process, leading to a denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-3477" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-3532" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-3533" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/dbus" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-2971" ); script_set_attribute( attribute:"solution", value: "Upgrade the dbus packages. For the stable distribution (wheezy), these problems have been fixed in version 1.6.8-1+deb7u3." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dbus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"dbus", reference:"1.6.8-1+deb7u3")) flag++; if (deb_check(release:"7.0", prefix:"dbus-1-dbg", reference:"1.6.8-1+deb7u3")) flag++; if (deb_check(release:"7.0", prefix:"dbus-1-doc", reference:"1.6.8-1+deb7u3")) flag++; if (deb_check(release:"7.0", prefix:"dbus-x11", reference:"1.6.8-1+deb7u3")) flag++; if (deb_check(release:"7.0", prefix:"libdbus-1-3", reference:"1.6.8-1+deb7u3")) flag++; if (deb_check(release:"7.0", prefix:"libdbus-1-dev", reference:"1.6.8-1+deb7u3")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_52BBC7E8F13C11E3BC09BCAEC565249C.NASL description Simon MvVittie reports : Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate. last seen 2020-06-01 modified 2020-06-02 plugin id 76060 published 2014-06-16 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76060 title FreeBSD : dbus -- local DoS (52bbc7e8-f13c-11e3-bc09-bcaec565249c) NASL family SuSE Local Security Checks NASL id SUSE_11_DBUS-1-140605.NASL description dbus-1 was patched to prevent a possible denial of service issue in dbus-daemon. (CVE-2014-3477) last seen 2020-06-05 modified 2014-06-26 plugin id 76247 published 2014-06-26 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76247 title SuSE 11.3 Security Update : dbus-1 (SAT Patch Number 9349) NASL family Fedora Local Security Checks NASL id FEDORA_2014-17570.NASL description - Update to 1.8.12\\r\\n* Fixes various CVE last seen 2020-03-17 modified 2015-01-02 plugin id 80317 published 2015-01-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80317 title Fedora 20 : mingw-dbus-1.6.28-1.fc20 (2014-17570) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-12.NASL description The remote host is affected by the vulnerability described in GLSA-201412-12 (D-Bus: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79965 published 2014-12-15 reporter This script is Copyright (C) 2014-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79965 title GLSA-201412-12 : D-Bus: Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-176.NASL description Updated dbus packages fix multiple vulnerabilities : A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate (CVE-2014-3477). A flaw was reported in D-Bus last seen 2020-06-01 modified 2020-06-02 plugin id 82451 published 2015-03-31 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82451 title Mandriva Linux Security Advisory : dbus (MDVSA-2015:176) NASL family Fedora Local Security Checks NASL id FEDORA_2014-17595.NASL description - Update to 1.8.12\\r\\n* Fixes various CVE last seen 2020-03-17 modified 2015-01-02 plugin id 80323 published 2015-01-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80323 title Fedora 21 : mingw-dbus-1.8.12-1.fc21 (2014-17595) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1037.NASL description According to the versions of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. - Security Fix(es) - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.(CVE-2014-3532) - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.(CVE-2014-3533) - D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.(CVE-2015-0245) - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.(CVE-2014-3636) - The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.(CVE-2014-3477) - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.(CVE-2014-3637) - Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.(CVE-2014-3635) - The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.(CVE-2014-3638) - The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.(CVE-2014-3639) - D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.(CVE-2014-7824) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99800 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99800 title EulerOS 2.0 SP1 : dbus (EulerOS-SA-2016-1037) NASL family Fedora Local Security Checks NASL id FEDORA_2014-8059.NASL description - Backport patches from dbus-1.6 - Fixes CVE-2014-3477 (fd.o#78979) - Fixes CVE-2014-3532 (fd.o#80163) - Fixes CVE-2014-3533 (fd.o#80469) - Resolves #1115636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-07-08 plugin id 76396 published 2014-07-08 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76396 title Fedora 20 : dbus-1.6.12-9.fc20 (2014-8059) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-434.NASL description dbus-1 was updated to fix a possible DoS (CVE-2014-3477). last seen 2020-06-05 modified 2014-06-23 plugin id 76182 published 2014-06-23 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76182 title openSUSE Security Update : dbus-1 (openSUSE-SU-2014:0821-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-558.NASL description DBUS-1 was upgraded to upstream release 1.8. This brings the version of dbus to the latest stable release from an unstable snapshot 1.7.4 that is know to have several regressions - Upstream changes since 1.7.4 : + Security fixes : - Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635, fdo#83622; Simon McVittie) - Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus last seen 2020-06-05 modified 2014-09-25 plugin id 77845 published 2014-09-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77845 title openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1228-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2275-1.NASL description Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. (CVE-2014-3477) Alban Crequy discovered that dbus-daemon incorrectly handled certain file descriptors. A local attacker could use this issue to cause services or clients to disconnect, resulting in a denial of service. (CVE-2014-3532, CVE-2014-3533). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 76425 published 2014-07-09 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76425 title Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : dbus vulnerabilities (USN-2275-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-87.NASL description This updates fixes multiple (local) denial of services discovered by Alban Crequy and Simon McVittie. CVE-2014-3477 Fix a denial of service (failure to obtain bus name) in newly-activated system services that not all users are allowed to access. CVE-2014-3638 Reduce maximum number of pending replies per connection to avoid algorithmic complexity denial of service. CVE-2014-3639 The daemon now limits the number of unauthenticated connection slots so that malicious processes cannot prevent new connections to the system bus. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82232 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82232 title Debian DLA-87-1 : dbus security update
References
- http://seclists.org/oss-sec/2014/q2/509
- http://www.securityfocus.com/bid/67986
- http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
- https://bugs.freedesktop.org/show_bug.cgi?id=78979
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html
- http://secunia.com/advisories/59611
- http://www.debian.org/security/2014/dsa-2971
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html
- http://secunia.com/advisories/59428
- http://secunia.com/advisories/59798
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://advisories.mageia.org/MGASA-2014-0266.html