CVE-2014-3636 - Resource Management Errors vulnerability in multiple products

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

Vulnerable Configurations

Part         Description     Count
Application  D-Bus_Project   58
Application  Freedesktop     4
OS           Opensuse        1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-557.NASL
    description: The DBUS-1 service and libraries were updated to upstream release 1.6.24 fixing security issues and bugs. Upstream changes since dbus 1.6.8 + Security fixes - Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635, fdo#83622; Simon McVittie) - Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus
    last seen: 2020-06-05
    modified: 2014-09-26
    plugin id: 77890
    published: 2014-09-26
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77890
    title: openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1239-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-557.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77890);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2168", "CVE-2014-3477", "CVE-2014-3532", "CVE-2014-3533", "CVE-2014-3635", "CVE-2014-3636", "CVE-2014-3637", "CVE-2014-3638", "CVE-2014-3639");
    
      script_name(english:"openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1239-1)");
      script_summary(english:"Check for the openSUSE-2014-557 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The DBUS-1 service and libraries were updated to upstream release
    1.6.24 fixing security issues and bugs.
    
    Upstream changes since dbus 1.6.8
    
      + Security fixes
    
      - Do not accept an extra fd in the padding of a cmsg
        message, which could lead to a 4-byte heap buffer
        overrun. (CVE-2014-3635, fdo#83622; Simon McVittie)
    
      - Reduce default for maximum Unix file descriptors passed
        per message from 1024 to 16, preventing a uid with the
        default maximum number of connections from exhausting
        the system bus' file descriptors under Linux's default
        rlimit. Distributors or system administrators with a
        more restrictive fd limit may wish to reduce these
        limits further. Additionally, on Linux this prevents a
        second denial of service in which the dbus-daemon can be
        made to exceed the maximum number of fds per sendmsg()
        and disconnect the process that would have received
        them. (CVE-2014-3636, fdo#82820; Alban Crequy)
    
      - Disconnect connections that still have a fd pending
        unmarshalling after a new configurable limit,
        pending_fd_timeout (defaulting to 150 seconds), removing
        the possibility of creating an abusive connection that
        cannot be disconnected by setting up a circular
        reference to a connection's file descriptor.
        (CVE-2014-3637, fdo#80559; Alban Crequy)
    
      - Reduce default for maximum pending replies per
        connection from 8192 to 128, mitigating an algorithmic
        complexity denial-of-service attack (CVE-2014-3638,
        fdo#81053; Alban Crequy)
    
      - Reduce default for authentication timeout on the system
        bus from 30 seconds to 5 seconds, avoiding denial of
        service by using up all unauthenticated connection
        slots; and when all unauthenticated connection slots are
        used up, make new connection attempts block instead of
        disconnecting them. (CVE-2014-3639, fdo#80919; Alban
        Crequy)
    
      - On Linux >= 2.6.37-rc4, if sendmsg() fails with
        ETOOMANYREFS, silently drop the message. This prevents
        an attack in which a malicious client can make
        dbus-daemon disconnect a system service, which is a
        local denial of service. (fdo#80163, CVE-2014-3532;
        Alban Crequy)
    
      - Track remaining Unix file descriptors correctly when
        more than one message in quick succession contains fds.
        This prevents another attack which a malicious client
        can make dbus-daemon disconnect a system service.
        (fdo#79694, fdo#80469, CVE-2014-3533; Alejandro
        Martínez Suárez, Simon McVittie, Alban
        Crequy)
    
      - Alban Crequy at Collabora Ltd. discovered and fixed a
        denial-of-service flaw in dbus-daemon, part of the
        reference implementation of D-Bus. Additionally, in
        highly unusual environments the same flaw could lead to
        a side channel between processes that should not be able
        to communicate. (CVE-2014-3477, fdo#78979)
    
      - CVE-2013-2168: Fix misuse of va_list that could be used
        as a denial of service for system services.
        Vulnerability reported by Alexandru Cornea. (Simon)
    
      + Other fixes
    
      - Don't leak memory on out-of-memory while listing
        activatable or active services (fdo#71526, Radoslaw
        Pajak)
    
      - fix undefined behaviour in a regression test (fdo#69924,
        DreamNik)
    
      - path_namespace='/' in match rules incorrectly matched
        nothing; it now matches everything. (fdo#70799, Simon
        McVittie)
    
      - Make dbus_connection_set_route_peer_messages(x, FALSE)
        behave as documented. Previously, it assumed its second
        parameter was TRUE. (fdo#69165, Chengwei Yang)
    
      - Fix a NULL pointer dereference on an unlikely error path
        (fdo#69327, Sviatoslav Chagaev)
    
      - If accept4() fails with EINVAL, as it can on older Linux
        kernels with newer glibc, try accept() instead of going
        into a busy-loop. (fdo#69026, Chengwei Yang)
    
      - If socket() or socketpair() fails with EINVAL or
        EPROTOTYPE, for instance on Hurd or older Linux with a
        new glibc, try without SOCK_CLOEXEC. (fdo#69073; Pino
        Toscano, Chengwei Yang)
    
      - Fix a file descriptor leak on an error code path.
        (fdo#69182, Sviatoslav Chagaev)
    
      - Fix compilation if writev() is unavailable (fdo#69409,
        Vasiliy Balyasnyy)
    
      - Avoid an infinite busy-loop if a signal interrupts
        waitpid() (fdo#68945, Simon McVittie)
    
      - Escape addresses containing non-ASCII characters
        correctly (fdo#53499, Chengwei Yang)
    
      - If malloc() returns NULL in _dbus_string_init() or
        similar, don't free an invalid pointer if the string is
        later freed (fdo#65959, Chengwei Yang)
    
      - If malloc() returns NULL in dbus_set_error(), don't
        va_end() a va_list that was never va_start()ed
        (fdo#66300, Chengwei Yang)
    
      - Fix a regression test on platforms with strict alignment
        (fdo#67279, Colin Walters)
    
      - Avoid calling function parameters 'interface' since
        certain Windows headers have a namespace-polluting macro
        of that name (fdo#66493, Ivan Romanov)
    
      - Make 'make -j check' work (fdo#68852, Simon McVittie)
    
      - In dbus-daemon, don't crash if a .service file starts
        with key=value (fdo#60853, Chengwei Yang)
    
      - Fix an assertion failure if we try to activate systemd
        services before systemd connects to the bus (fdo#50199,
        Chengwei Yang)
    
      - Avoid compiler warnings for ignoring the return from
        write() (Chengwei Yang)
    
      - Following Unicode Corrigendum #9, the noncharacters
        U+nFFFE, U+nFFFF, U+FDD0..U+FDEF are allowed in UTF-8
        strings again. (fdo#63072, Simon McVittie)
    
      - Diagnose incorrect use of dbus_connection_get_data()
        with negative slot (i.e. before allocating the slot)
        rather than returning junk (fdo#63127, Dan Williams)
    
      - In the activation helper, when compiled for tests, do
        not reset the system bus address, fixing the regression
        tests. (fdo#52202, Simon)
    
      - Fix building with Valgrind 3.8, at the cost of causing
        harmless warnings with Valgrind 3.6 on some compilers
        (fdo#55932, Arun Raghavan)
    
      - Don't leak temporary fds pointing to /dev/null
        (fdo#56927, Michel HERMIER)
    
      - Create session.d, system.d directories under CMake
        (fdo#41319, Ralf Habacker)
    
      - Include alloca.h for alloca() if available, fixing
        compilation on Solaris 10 (fdo#63071, Dagobert
        Michelsen)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected dbus-1 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-debuginfo-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-debugsource-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-devel-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-debuginfo-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-debugsource-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libdbus-1-3-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libdbus-1-3-debuginfo-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-32bit-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-debuginfo-32bit-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-devel-32bit-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libdbus-1-3-32bit-1.6.24-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libdbus-1-3-debuginfo-32bit-1.6.24-2.26.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus-1");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_C1930F45698211E480E1BCAEC565249C.NASL
    description: Simon McVittie reports : The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79197
    published: 2014-11-12
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79197
    title: FreeBSD : dbus -- incomplete fix for CVE-2014-3636 part A (c1930f45-6982-11e4-80e1-bcaec565249c)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79197);
      script_version("1.4");
      script_cvs_date("Date: 2018/11/23 12:49:57");
    
      script_cve_id("CVE-2014-7824");
    
      script_name(english:"FreeBSD : dbus -- incomplete fix for CVE-2014-3636 part A (c1930f45-6982-11e4-80e1-bcaec565249c)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Simon McVittie reports :
    
    The patch issued by the D-Bus maintainers for CVE-2014-3636 was based
    on incorrect reasoning, and does not fully prevent the attack
    described as 'CVE-2014-3636 part A', which is repeated below.
    Preventing that attack requires raising the system dbus-daemon's
    RLIMIT_NOFILE (ulimit -n) to a higher value. CVE-2014-7824 has been
    allocated for this vulnerability."
      );
      # http://lists.freedesktop.org/archives/dbus/2014-November/016395.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.freedesktop.org/archives/dbus/2014-November/016395.html"
      );
      # https://vuxml.freebsd.org/freebsd/c1930f45-6982-11e4-80e1-bcaec565249c.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?96493129"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:dbus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"dbus<1.8.10")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_38242D513E5811E4AC2FBCAEC565249C.NASL
    description: Simon McVittie reports : Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun (CVE-2014-3635). Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77733
    published: 2014-09-18
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77733
    title: FreeBSD : dbus -- multiple vulnerabilities (38242d51-3e58-11e4-ac2f-bcaec565249c)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77733);
      script_version("1.6");
      script_cvs_date("Date: 2018/11/21 10:46:31");
    
      script_cve_id("CVE-2014-3635", "CVE-2014-3636", "CVE-2014-3637", "CVE-2014-3638", "CVE-2014-3639");
    
      script_name(english:"FreeBSD : dbus -- multiple vulnerabilities (38242d51-3e58-11e4-ac2f-bcaec565249c)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Simon McVittie reports :
    
    Do not accept an extra fd in the padding of a cmsg message, which
    could lead to a 4-byte heap buffer overrun (CVE-2014-3635).
    
    Reduce default for maximum Unix file descriptors passed per message
    from 1024 to 16, preventing a uid with the default maximum number of
    connections from exhausting the system bus' file descriptors under
    Linux's default rlimit (CVE-2014-3636).
    
    Disconnect connections that still have a fd pending unmarshalling
    after a new configurable limit, pending_fd_timeout (defaulting to 150
    seconds), removing the possibility of creating an abusive connection
    that cannot be disconnected by setting up a circular reference to a
    connection's file descriptor (CVE-2014-3637).
    
    Reduce default for maximum pending replies per connection from 8192 to
    128, mitigating an algorithmic complexity denial-of-service attack
    (CVE-2014-3638).
    
    Reduce default for authentication timeout on the system bus from 30
    seconds to 5 seconds, avoiding denial of service by using up all
    unauthenticated connection slots; and when all unauthenticated
    connection slots are used up, make new connection attempts block
    instead of disconnecting them (CVE-2014-3639)."
      );
      # http://lists.freedesktop.org/archives/dbus/2014-September/016343.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.freedesktop.org/archives/dbus/2014-September/016343.html"
      );
      # https://vuxml.freebsd.org/freebsd/38242d51-3e58-11e4-ac2f-bcaec565249c.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e22fca01"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:dbus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"dbus<1.8.8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2014-1724-1.NASL
    description: dbus-1 was updated to version 1.8.12 to fix one security issue. This security issue was fixed : - Increase dbus-daemons RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the file descriptors of the system bus (CVE-2014-7824). Note: This already includes the fix for the regression that was introduced by the first fix for CVE-2014-7824 in 1.8.10. On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf: <busconfig> <limit name=
    last seen: 2020-06-05
    modified: 2015-05-20
    plugin id: 83655
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83655
    title: SUSE SLED12 / SLES12 Security Update : dbus-1 (SUSE-SU-2014:1724-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:1724-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83655);
      script_version("2.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-3636", "CVE-2014-7824");
      script_bugtraq_id(69834, 71012);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : dbus-1 (SUSE-SU-2014:1724-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "dbus-1 was updated to version 1.8.12 to fix one security issue.
    
    This security issue was fixed :
    
      - Increase dbus-daemons RLIMIT_NOFILE rlimit to 65536 to
        stop an attacker from exhausting the file descriptors of
        the system bus (CVE-2014-7824).
    
    Note: This already includes the fix for the regression that was
    introduced by the first fix for CVE-2014-7824 in 1.8.10.
    
    On fast systems where local users are considered particularly hostile,
    administrators can return to the 5 second timeout (or any other value
    in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
    <busconfig> <limit name='auth_timeout'>5000</limit> </busconfig>
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=904017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3636/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-7824/"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20141724-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4417f330"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2014-121
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2014-121
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2014-121
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-debuginfo-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-debugsource-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-x11-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-x11-debuginfo-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-x11-debugsource-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libdbus-1-3-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libdbus-1-3-debuginfo-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libdbus-1-3-32bit-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libdbus-1-3-debuginfo-32bit-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-debuginfo-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-debugsource-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-x11-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-x11-debuginfo-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-x11-debugsource-1.8.12-6.5")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-32bit-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-debuginfo-1.8.12-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-debuginfo-32bit-1.8.12-6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus-1");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-16227.NASL
    description: Update to 1.6.28. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-12-22
    plugin id: 80130
    published: 2014-12-22
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80130
    title: Fedora 19 : dbus-1.6.28-1.fc19 (2014-16227)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-16227.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80130);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-3635", "CVE-2014-3636", "CVE-2014-3637", "CVE-2014-3638", "CVE-2014-3639", "CVE-2014-7824");
      script_xref(name:"FEDORA", value:"2014-16227");
    
      script_name(english:"Fedora 19 : dbus-1.6.28-1.fc19 (2014-16227)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 1.6.28
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140525"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140529"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140532"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1173555"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146403.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e68b9259"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected dbus package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"dbus-1.6.28-1.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3099.NASL
    description: Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the auth_timeout change in the previous security update to its old value because the new value causes boot failures on some systems. See the README.Debian file for details how to harden the D-Bus daemon against malicious local users.
    last seen: 2020-03-17
    modified: 2014-12-15
    plugin id: 79886
    published: 2014-12-15
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79886
    title: Debian DSA-3099-1 : dbus - security update
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3099. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79886);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-7824");
      script_bugtraq_id(71012);
      script_xref(name:"DSA", value:"3099");
    
      script_name(english:"Debian DSA-3099-1 : dbus - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Simon McVittie discovered that the fix for CVE-2014-3636 was
    incorrect, as it did not fully address the underlying
    denial-of-service vector. This update starts the D-Bus daemon as root
    initially, so that it can properly raise its file descriptor count.
    
    In addition, this update reverts the auth_timeout change in the
    previous security update to its old value because the new value causes
    boot failures on some systems. See the README.Debian file for details
    how to harden the D-Bus daemon against malicious local users."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-3636"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/dbus"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2014/dsa-3099"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the dbus packages.
    
    For the stable distribution (wheezy), these problem have been fixed in
    version 1.6.8-1+deb7u5.
    
    For the upcoming stable distribution (jessie) and the unstable
    distribution (sid), these problem have been fixed in version 1.8.10-1."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dbus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"dbus", reference:"1.6.8-1+deb7u5")) flag++;
    if (deb_check(release:"7.0", prefix:"dbus-1-dbg", reference:"1.6.8-1+deb7u5")) flag++;
    if (deb_check(release:"7.0", prefix:"dbus-1-doc", reference:"1.6.8-1+deb7u5")) flag++;
    if (deb_check(release:"7.0", prefix:"dbus-x11", reference:"1.6.8-1+deb7u5")) flag++;
    if (deb_check(release:"7.0", prefix:"libdbus-1-3", reference:"1.6.8-1+deb7u5")) flag++;
    if (deb_check(release:"7.0", prefix:"libdbus-1-dev", reference:"1.6.8-1+deb7u5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-17570.NASL
    description:
      - Update to 1.8.12
      - Fixes various CVE
    last seen: 2020-03-17
    modified: 2015-01-02
    plugin id: 80317
    published: 2015-01-02
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80317
    title: Fedora 20 : mingw-dbus-1.6.28-1.fc20 (2014-17570)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-17570.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80317);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-3477", "CVE-2014-3532", "CVE-2014-3533", "CVE-2014-3635", "CVE-2014-3636", "CVE-2014-3637", "CVE-2014-3638", "CVE-2014-3639", "CVE-2014-7824");
      script_bugtraq_id(67986, 68337, 68339, 69829, 69831, 69832, 69833, 69834, 71012);
      script_xref(name:"FEDORA", value:"2014-17570");
    
      script_name(english:"Fedora 20 : mingw-dbus-1.6.28-1.fc20 (2014-17570)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Update to 1.8.12\\r\\n* Fixes various CVE's
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1115637"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1117395"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1142582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1173557"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147337.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9b30848c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mingw-dbus package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-dbus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"mingw-dbus-1.6.28-1.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-dbus");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201412-12.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201412-12 (D-Bus: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details.
      Impact : A local attacker could possibly cause a Denial of Service condition.
      Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79965
    published: 2014-12-15
    reporter: This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79965
    title: GLSA-201412-12 : D-Bus: Multiple Vulnerabilities
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-176.NASL
    description: Updated dbus packages fix multiple vulnerabilities : A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate (CVE-2014-3477). A flaw was reported in D-Bus
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82451
    published: 2015-03-31
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82451
    title: Mandriva Linux Security Advisory : dbus (MDVSA-2015:176)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-17595.NASL
    description:
      - Update to 1.8.12
      - Fixes various CVE
    last seen: 2020-03-17
    modified: 2015-01-02
    plugin id: 80323
    published: 2015-01-02
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80323
    title: Fedora 21 : mingw-dbus-1.8.12-1.fc21 (2014-17595)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2016-1037.NASL
    description: According to the versions of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
      - D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
      - Security Fix(es)
      - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. (CVE-2014-3532)
      - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. (CVE-2014-3533)
      - D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. (CVE-2015-0245)
      - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. (CVE-2014-3636)
      - The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. (CVE-2014-3477)
      - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. (CVE-2014-3637)
      - Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. (CVE-2014-3635)
      - The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. (CVE-2014-3638)
      - The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. (CVE-2014-3639)
      - D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. (CVE-2014-7824)
      Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99800
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99800
    title: EulerOS 2.0 SP1 : dbus (EulerOS-SA-2016-1037)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2352-1.NASL
    description:
      Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3635)
      Alban Crequy discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3636)
      Alban Crequy discovered that DBus incorrectly handled certain file descriptor messages. A local attacker could use this issue to cause DBus to maintain persistent connections, possibly resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3637)
      Alban Crequy discovered that DBus incorrectly handled a large number of parallel connections and parallel message calls. A local attacker could use this issue to cause DBus to consume resources, possibly resulting in a denial of service. (CVE-2014-3638)
      Alban Crequy discovered that DBus incorrectly handled incomplete connections. A local attacker could use this issue to cause DBus to fail legitimate connection attempts, resulting in a denial of service. (CVE-2014-3639).
      Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77809
    published: 2014-09-23
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77809
    title: Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : dbus vulnerabilities (USN-2352-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-16147.NASL
    description: Update to 1.8.12 (#1168438)
      - Fixes CVE-2014-3635 (fd.o#83622)
      - Fixes CVE-2014-3636 (fd.o#82820)
      - Fixes CVE-2014-3637 (fd.o#80559)
      - Fixes CVE-2014-3638 (fd.o#81053)
      - Fixes CVE-2014-3639 (fd.o#80919)
      - Fixes CVE-2014-7824 (fd.o#85105)
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-12-17
    plugin id: 80060
    published: 2014-12-17
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80060
    title: Fedora 21 : dbus-1.8.12-1.fc21 (2014-16147)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3026.NASL
    description: Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.
      - CVE-2014-3635: On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution.
      - CVE-2014-3636: A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits.
      - CVE-2014-3637: Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability.
      - CVE-2014-3638: dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon.
      - CVE-2014-3639: dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability.
    last seen: 2020-03-17
    modified: 2014-09-17
    plugin id: 77716
    published: 2014-09-17
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77716
    title: Debian DSA-3026-1 : dbus - security update
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2014-214.NASL
    description: Updated dbus packages fixes the following security issues : Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon :
      On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution (CVE-2014-3635).
      A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits (CVE-2014-3636).
      Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability (CVE-2014-3637).
      dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon (CVE-2014-3638).
      dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability (CVE-2014-3639).
      The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as CVE-2014-3636 part A, which is repeated below. Preventing that attack requires raising the system dbus-daemon
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79322
    published: 2014-11-19
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79322
    title: Mandriva Linux Security Advisory : dbus (MDVSA-2014:214)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-16243.NASL
    description: Update to 1.6.28. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-12-15
    plugin id: 79924
    published: 2014-12-15
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79924
    title: Fedora 20 : dbus-1.6.28-1.fc20 (2014-16243)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-558.NASL
    description: DBUS-1 was upgraded to upstream release 1.8. This brings the version of dbus to the latest stable release from an unstable snapshot 1.7.4 that is known to have several regressions
      - Upstream changes since 1.7.4 :
        + Security fixes :
          - Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635, fdo#83622; Simon McVittie)
          - Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus
    last seen: 2020-06-05
    modified: 2014-09-25
    plugin id: 77845
    published: 2014-09-25
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77845
    title: openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1228-1)