Vulnerabilities > CVE-2014-7824 - Resource Management Errors vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C1930F45698211E480E1BCAEC565249C.NASL description Simon McVittie reports : The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as last seen 2020-06-01 modified 2020-06-02 plugin id 79197 published 2014-11-12 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79197 title FreeBSD : dbus -- incomplete fix for CVE-2014-3636 part A (c1930f45-6982-11e4-80e1-bcaec565249c) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(79197); script_version("1.4"); script_cvs_date("Date: 2018/11/23 12:49:57"); script_cve_id("CVE-2014-7824"); script_name(english:"FreeBSD : dbus -- incomplete fix for CVE-2014-3636 part A (c1930f45-6982-11e4-80e1-bcaec565249c)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Simon McVittie reports : The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as 'CVE-2014-3636 part A', which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value. CVE-2014-7824 has been allocated for this vulnerability." ); # http://lists.freedesktop.org/archives/dbus/2014-November/016395.html script_set_attribute( attribute:"see_also", value:"https://lists.freedesktop.org/archives/dbus/2014-November/016395.html" ); # https://vuxml.freebsd.org/freebsd/c1930f45-6982-11e4-80e1-bcaec565249c.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?96493129" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:dbus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"dbus<1.8.10")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1724-1.NASL description dbus-1 was updated to version 1.8.12 to fix one security issue. This security issue was fixed : - Increase dbus-daemons RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the file descriptors of the system bus (CVE-2014-7824). Note: This already includes the fix for the regression that was introduced by the first fix for CVE-2014-7824 in 1.8.10. On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf: <busconfig> <limit name= last seen 2020-06-05 modified 2015-05-20 plugin id 83655 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83655 title SUSE SLED12 / SLES12 Security Update : dbus-1 (SUSE-SU-2014:1724-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:1724-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83655); script_version("2.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-3636", "CVE-2014-7824"); script_bugtraq_id(69834, 71012); script_name(english:"SUSE SLED12 / SLES12 Security Update : dbus-1 (SUSE-SU-2014:1724-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "dbus-1 was updated to version 1.8.12 to fix one security issue. This security issue was fixed : - Increase dbus-daemons RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the file descriptors of the system bus (CVE-2014-7824). Note: This already includes the fix for the regression that was introduced by the first fix for CVE-2014-7824 in 1.8.10. On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf: <busconfig> <limit name='auth_timeout'>5000</limit> </busconfig> Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=904017" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-3636/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-7824/" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20141724-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4417f330" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2014-121 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2014-121 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2014-121 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1-3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1-3-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/25"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-1.8.12-6.5")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-debuginfo-1.8.12-6.5")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-debugsource-1.8.12-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-x11-1.8.12-6.5")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-x11-debuginfo-1.8.12-6.5")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"dbus-1-x11-debugsource-1.8.12-6.5")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libdbus-1-3-1.8.12-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libdbus-1-3-debuginfo-1.8.12-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libdbus-1-3-32bit-1.8.12-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libdbus-1-3-debuginfo-32bit-1.8.12-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-1.8.12-6.5")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-debuginfo-1.8.12-6.5")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-debugsource-1.8.12-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-x11-1.8.12-6.5")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-x11-debuginfo-1.8.12-6.5")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"dbus-1-x11-debugsource-1.8.12-6.5")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-1.8.12-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-32bit-1.8.12-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-debuginfo-1.8.12-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-debuginfo-32bit-1.8.12-6.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus-1"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2014-16227.NASL description Update to 1.6.28 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-22 plugin id 80130 published 2014-12-22 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80130 title Fedora 19 : dbus-1.6.28-1.fc19 (2014-16227) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-16227. # include("compat.inc"); if (description) { script_id(80130); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-3635", "CVE-2014-3636", "CVE-2014-3637", "CVE-2014-3638", "CVE-2014-3639", "CVE-2014-7824"); script_xref(name:"FEDORA", value:"2014-16227"); script_name(english:"Fedora 19 : dbus-1.6.28-1.fc19 (2014-16227)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 1.6.28 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140525" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140527" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140529" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140532" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1173555" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146403.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e68b9259" ); script_set_attribute(attribute:"solution", value:"Update the affected dbus package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dbus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"dbus-1.6.28-1.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3099.NASL description Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the auth_timeout change in the previous security update to its old value because the new value causes boot failures on some systems. See the README.Debian file for details how to harden the D-Bus daemon against malicious local users. last seen 2020-03-17 modified 2014-12-15 plugin id 79886 published 2014-12-15 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79886 title Debian DSA-3099-1 : dbus - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3099. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(79886); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-7824"); script_bugtraq_id(71012); script_xref(name:"DSA", value:"3099"); script_name(english:"Debian DSA-3099-1 : dbus - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the auth_timeout change in the previous security update to its old value because the new value causes boot failures on some systems. See the README.Debian file for details how to harden the D-Bus daemon against malicious local users." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-3636" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/dbus" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-3099" ); script_set_attribute( attribute:"solution", value: "Upgrade the dbus packages. For the stable distribution (wheezy), these problem have been fixed in version 1.6.8-1+deb7u5. For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problem have been fixed in version 1.8.10-1." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dbus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"dbus", reference:"1.6.8-1+deb7u5")) flag++; if (deb_check(release:"7.0", prefix:"dbus-1-dbg", reference:"1.6.8-1+deb7u5")) flag++; if (deb_check(release:"7.0", prefix:"dbus-1-doc", reference:"1.6.8-1+deb7u5")) flag++; if (deb_check(release:"7.0", prefix:"dbus-x11", reference:"1.6.8-1+deb7u5")) flag++; if (deb_check(release:"7.0", prefix:"libdbus-1-3", reference:"1.6.8-1+deb7u5")) flag++; if (deb_check(release:"7.0", prefix:"libdbus-1-dev", reference:"1.6.8-1+deb7u5")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2014-17570.NASL description - Update to 1.8.12\\r\\n* Fixes various CVE last seen 2020-03-17 modified 2015-01-02 plugin id 80317 published 2015-01-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80317 title Fedora 20 : mingw-dbus-1.6.28-1.fc20 (2014-17570) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-17570. # include("compat.inc"); if (description) { script_id(80317); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-3477", "CVE-2014-3532", "CVE-2014-3533", "CVE-2014-3635", "CVE-2014-3636", "CVE-2014-3637", "CVE-2014-3638", "CVE-2014-3639", "CVE-2014-7824"); script_bugtraq_id(67986, 68337, 68339, 69829, 69831, 69832, 69833, 69834, 71012); script_xref(name:"FEDORA", value:"2014-17570"); script_name(english:"Fedora 20 : mingw-dbus-1.6.28-1.fc20 (2014-17570)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Update to 1.8.12\\r\\n* Fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1115637" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1117395" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1142582" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1173557" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147337.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9b30848c" ); script_set_attribute( attribute:"solution", value:"Update the affected mingw-dbus package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-dbus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"mingw-dbus-1.6.28-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-dbus"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2425-1.NASL description It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. (CVE-2014-7824). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79621 published 2014-11-28 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79621 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : dbus vulnerability (USN-2425-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2425-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(79621); script_version("1.7"); script_cvs_date("Date: 2019/09/19 12:54:31"); script_cve_id("CVE-2014-7824"); script_bugtraq_id(71012); script_xref(name:"USN", value:"2425-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : dbus vulnerability (USN-2425-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. (CVE-2014-7824). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2425-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected dbus and / or libdbus-1-3 packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbus-1-3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"dbus", pkgver:"1.4.18-1ubuntu1.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libdbus-1-3", pkgver:"1.4.18-1ubuntu1.7")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"dbus", pkgver:"1.6.18-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libdbus-1-3", pkgver:"1.6.18-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"dbus", pkgver:"1.8.8-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"libdbus-1-3", pkgver:"1.8.8-1ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus / libdbus-1-3"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-12.NASL description The remote host is affected by the vulnerability described in GLSA-201412-12 (D-Bus: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79965 published 2014-12-15 reporter This script is Copyright (C) 2014-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79965 title GLSA-201412-12 : D-Bus: Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-176.NASL description Updated dbus packages fix multiple vulnerabilities : A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate (CVE-2014-3477). A flaw was reported in D-Bus last seen 2020-06-01 modified 2020-06-02 plugin id 82451 published 2015-03-31 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82451 title Mandriva Linux Security Advisory : dbus (MDVSA-2015:176) NASL family Fedora Local Security Checks NASL id FEDORA_2014-17595.NASL description - Update to 1.8.12\\r\\n* Fixes various CVE last seen 2020-03-17 modified 2015-01-02 plugin id 80323 published 2015-01-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80323 title Fedora 21 : mingw-dbus-1.8.12-1.fc21 (2014-17595) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1037.NASL description According to the versions of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. - Security Fix(es) - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.(CVE-2014-3532) - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.(CVE-2014-3533) - D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.(CVE-2015-0245) - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.(CVE-2014-3636) - The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.(CVE-2014-3477) - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.(CVE-2014-3637) - Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.(CVE-2014-3635) - The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.(CVE-2014-3638) - The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.(CVE-2014-3639) - D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.(CVE-2014-7824) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99800 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99800 title EulerOS 2.0 SP1 : dbus (EulerOS-SA-2016-1037) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-691.NASL description dbus-1 was updated to version 1.6.26 to fix one security issue and several other issues. This security issue was fixed : - Increase dbus-daemon last seen 2020-06-05 modified 2014-11-20 plugin id 79350 published 2014-11-20 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79350 title openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1454-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-16147.NASL description Update to 1.8.12 (#1168438) - Fixes CVE-2014-3635 (fd.o#83622) - Fixes CVE-2014-3636 (fd.o#82820) - Fixes CVE-2014-3637 (fd.o#80559) - Fixes CVE-2014-3638 (fd.o#81053) - Fixes CVE-2014-3639 (fd.o#80919) - Fixes CVE-2014-7824 (fd.o#85105) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-17 plugin id 80060 published 2014-12-17 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80060 title Fedora 21 : dbus-1.8.12-1.fc21 (2014-16147) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0249_DBUS.NASL description An update of the dbus package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 128758 published 2019-09-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128758 title Photon OS 1.0: Dbus PHSA-2019-1.0-0249 NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-214.NASL description Updated dbus packages fixes the following security issues : Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon : On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution (CVE-2014-3635). A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits (CVE-2014-3636). Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability (CVE-2014-3637). dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon (CVE-2014-3638). dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability (CVE-2014-3639). The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as CVE-2014-3636 part A, which is repeated below. Preventing that attack requires raising the system dbus-daemon last seen 2020-06-01 modified 2020-06-02 plugin id 79322 published 2014-11-19 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79322 title Mandriva Linux Security Advisory : dbus (MDVSA-2014:214) NASL family Fedora Local Security Checks NASL id FEDORA_2014-16243.NASL description Update to 1.6.28 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-15 plugin id 79924 published 2014-12-15 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79924 title Fedora 20 : dbus-1.6.28-1.fc20 (2014-16243) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-690.NASL description dbus-1 was updated to version 1.8.10 to fix one security issue and several other issues. This security issue was fixed : - Increase dbus-daemon last seen 2020-06-05 modified 2014-11-20 plugin id 79349 published 2014-11-20 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79349 title openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1455-1)
References
- http://www.securityfocus.com/bid/71012
- https://bugs.freedesktop.org/show_bug.cgi?id=85105
- http://www.openwall.com/lists/oss-security/2014/11/10/2
- http://www.ubuntu.com/usn/USN-2425-1
- http://secunia.com/advisories/62603
- http://www.debian.org/security/2014/dsa-3099
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://advisories.mageia.org/MGASA-2014-0457.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98576