Vulnerabilities > CVE-2019-12749 - Link Following vulnerability in multiple products

047910
CVSS 7.1 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
freedesktop
canonical
CWE-59
nessus

Summary

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

Vulnerable Configurations

Part Description Count
Application
Freedesktop
166
OS
Canonical
4

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Symlink Attack
    An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0173_DBUS.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has dbus packages installed that are affected by a vulnerability: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id128693
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128693
    titleNewStart CGSL MAIN 4.06 : dbus Vulnerability (NS-SA-2019-0173)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0173. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128693);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/17 14:31:05");
    
      script_cve_id("CVE-2019-12749");
    
      script_name(english:"NewStart CGSL MAIN 4.06 : dbus Vulnerability (NS-SA-2019-0173)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by a vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version MAIN 4.06, has dbus packages installed that are affected by a
    vulnerability:
    
      - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x
        before 1.13.12, as used in DBusServer in Canonical
        Upstart in Ubuntu 14.04 (and in some, less common, uses
        of dbus-daemon), allows cookie spoofing because of
        symlink mishandling in the reference implementation of
        DBUS_COOKIE_SHA1 in the libdbus library. (This only
        affects the DBUS_COOKIE_SHA1 authentication mechanism.)
        A malicious client with write access to its own home
        directory could manipulate a ~/.dbus-keyrings symlink to
        cause a DBusServer with a different uid to read and
        write in unintended locations. In the worst case, this
        could result in the DBusServer reusing a cookie that is
        known to the malicious client, and treating that cookie
        as evidence that a subsequent client connection came
        from an attacker-chosen uid, allowing authentication
        bypass. (CVE-2019-12749)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0173");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL dbus packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12749");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/11");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL MAIN 4.06")
      audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL MAIN 4.06": [
        "dbus-1.2.24-11.el6_10",
        "dbus-debuginfo-1.2.24-11.el6_10",
        "dbus-devel-1.2.24-11.el6_10",
        "dbus-doc-1.2.24-11.el6_10",
        "dbus-libs-1.2.24-11.el6_10",
        "dbus-x11-1.2.24-11.el6_10"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1706.NASL
    descriptionAccording to the version of the dbus packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.(CVE-2019-12749) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126548
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126548
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : dbus (EulerOS-SA-2019-1706)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126548);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id(
        "CVE-2019-12749"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : dbus (EulerOS-SA-2019-1706)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the dbus packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerability :
    
      - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x
        before 1.13.12, as used in DBusServer in Canonical
        Upstart in Ubuntu 14.04 (and in some, less common, uses
        of dbus-daemon), allows cookie spoofing because of
        symlink mishandling in the reference implementation of
        DBUS_COOKIE_SHA1 in the libdbus library. (This only
        affects the DBUS_COOKIE_SHA1 authentication mechanism.)
        A malicious client with write access to its own home
        directory could manipulate a ~/.dbus-keyrings symlink
        to cause a DBusServer with a different uid to read and
        write in unintended locations. In the worst case, this
        could result in the DBusServer reusing a cookie that is
        known to the malicious client, and treating that cookie
        as evidence that a subsequent client connection came
        from an attacker-chosen uid, allowing authentication
        bypass.(CVE-2019-12749)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1706
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?88ec676d");
      script_set_attribute(attribute:"solution", value:
    "Update the affected dbus package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dbus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dbus-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["dbus-1.10.24-7.h9",
            "dbus-libs-1.10.24-7.h9"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1521-1.NASL
    descriptionThis update for dbus-1 fixes the following issues : Security issue fixed : CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Fixes in spec file : &#9;- fix warning and error messages. &#9;- fix licensing directory. (bsc#1082318) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125985
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125985
    titleSUSE SLED15 / SLES15 Security Update : dbus-1 (SUSE-SU-2019:1521-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1521-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125985);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2019-12749");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : dbus-1 (SUSE-SU-2019:1521-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for dbus-1 fixes the following issues :
    
    Security issue fixed :
    
    CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which
    could have allowed local attackers to bypass authentication
    (bsc#1137832).
    
    Fixes in spec file :
    
    &#9;- fix warning and error messages.
    
    &#9;- fix licensing directory. (bsc#1082318)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12749/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191521-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6232671e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-1521=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-1521=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dbus-1-x11-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1-3-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdbus-1-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dbus-1-32bit-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-32bit-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-32bit-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"dbus-1-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"dbus-1-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"dbus-1-debugsource-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"dbus-1-devel-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"dbus-1-x11-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"dbus-1-x11-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"dbus-1-x11-debugsource-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libdbus-1-3-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libdbus-1-3-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"dbus-1-32bit-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-32bit-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libdbus-1-3-32bit-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"dbus-1-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"dbus-1-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"dbus-1-debugsource-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"dbus-1-devel-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"dbus-1-x11-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"dbus-1-x11-debuginfo-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"dbus-1-x11-debugsource-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libdbus-1-3-1.12.2-3.5.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libdbus-1-3-debuginfo-1.12.2-3.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus-1");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0034.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix netlink poll: error 4 (Zhenzhong Duan) - Apply patch for CVE-2019-12749 (#1725574) - Fix CVE-2019-12749 (#1725574) - Add dbus-run-session (#1268972)
    last seen2020-06-01
    modified2020-06-02
    plugin id126669
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126669
    titleOracleVM 3.3 / 3.4 : dbus (OVMSA-2019-0034)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2820-1.NASL
    descriptionThis update for dbus-1 fixes the following issues : Security issue fixed : CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130422
    published2019-10-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130422
    titleSUSE SLED12 / SLES12 Security Update : dbus-1 (SUSE-SU-2019:2820-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2022.NASL
    descriptionAccording to the version of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.(CVE-2019-12749) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129215
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129215
    titleEulerOS 2.0 SP3 : dbus (EulerOS-SA-2019-2022)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2868.NASL
    descriptionAn update for dbus is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es) : * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129273
    published2019-09-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129273
    titleRHEL 6 : dbus (RHSA-2019:2868)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1727.NASL
    descriptionAccording to the version of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.(CVE-2019-12749) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-22
    plugin id126854
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126854
    titleEulerOS 2.0 SP2 : dbus (EulerOS-SA-2019-1727)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1673.NASL
    descriptionAccording to the version of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.(CVE-2019-12749) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-02
    plugin id126415
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126415
    titleEulerOS 2.0 SP5 : dbus (EulerOS-SA-2019-1673)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-D5DED5326B.NASL
    descriptionUpdate to 1.12.16 Fix CVE-2019-12749 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126018
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126018
    titleFedora 30 : 1:dbus (2019-d5ded5326b)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1767.NASL
    descriptionAccording to the version of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.(CVE-2019-12749) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-07-25
    plugin id127004
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127004
    titleEulerOS 2.0 SP8 : dbus (EulerOS-SA-2019-1767)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1726.NASL
    descriptionFrom Red Hat Security Advisory 2019:1726 : An update for dbus is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es) : * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126609
    published2019-07-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126609
    titleOracle Linux 6 : dbus (ELSA-2019-1726)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1597-1.NASL
    descriptionThis update for dbus-1 fixes the following issue : Security issue fixed : CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126153
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126153
    titleSUSE SLED15 / SLES15 Security Update : dbus-1 (SUSE-SU-2019:1597-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4015-1.NASL
    descriptionJoe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125852
    published2019-06-12
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125852
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : dbus vulnerability (USN-4015-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0264_DBUS.NASL
    descriptionAn update of the dbus package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id132980
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132980
    titlePhoton OS 1.0: Dbus PHSA-2020-1.0-0264
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1750.NASL
    descriptionThis update for dbus-1 fixes the following issues : Security issue fixed:&#9; - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126891
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126891
    titleopenSUSE Security Update : dbus-1 (openSUSE-2019-1750)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1726.NASL
    descriptionAn update for dbus is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es) : * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126649
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126649
    titleCentOS 6 : dbus (CESA-2019:1726)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1246.NASL
    descriptiondbus as used in DBusServer, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)
    last seen2020-06-01
    modified2020-06-02
    plugin id127074
    published2019-07-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127074
    titleAmazon Linux AMI : dbus (ALAS-2019-1246)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3707.NASL
    descriptionAn update for dbus is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es) : * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130574
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130574
    titleRHEL 8 : dbus (RHSA-2019:3707)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1604.NASL
    descriptionThis update for dbus-1 fixes the following issues : Security issue fixed : - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126229
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126229
    titleopenSUSE Security Update : dbus-1 (openSUSE-2019-1604)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1671.NASL
    descriptionThis update for dbus-1 fixes the following issue : Security issue fixed : - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126371
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126371
    titleopenSUSE Security Update : dbus-1 (openSUSE-2019-1671)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1726.NASL
    descriptionAn update for dbus is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es) : * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126612
    published2019-07-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126612
    titleRHEL 6 : dbus (RHSA-2019:1726)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1818.NASL
    descriptionJoe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system. The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a symbolic link attack. A local attacker could take advantage of this flaw to bypass authentication and connect to a DBusServer with elevated privileges. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125926
    published2019-06-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125926
    titleDebian DLA-1818-1 : dbus security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1591-1.NASL
    descriptionThis update for dbus-1 fixes the following issue : Security issue fixed : CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126149
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126149
    titleSUSE SLES12 Security Update : dbus-1 (SUSE-SU-2019:1591-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4462.NASL
    descriptionJoe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system. The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a symbolic link attack. A local attacker could take advantage of this flaw to bypass authentication and connect to a DBusServer with elevated privileges. The standard system and session dbus-daemons in their default configuration are not affected by this vulnerability. The vulnerability was addressed by upgrading dbus to a new upstream version 1.10.28 which includes additional fixes.
    last seen2020-06-01
    modified2020-06-02
    plugin id125905
    published2019-06-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125905
    titleDebian DSA-4462-1 : dbus - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1595-1.NASL
    descriptionThis update for dbus-1 fixes the following issues : Security issue fixed : CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126151
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126151
    titleSUSE SLED15 / SLES15 Security Update : dbus-1 (SUSE-SU-2019:1595-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190710_DBUS_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)
    last seen2020-03-18
    modified2019-07-11
    plugin id126613
    published2019-07-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126613
    titleScientific Linux Security Update : dbus on SL6.x i386/x86_64 (20190710)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201909-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201909-08 (D-Bus: Authentication bypass) It was discovered that a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. Impact : A local attacker can bypass authentication mechanisms and elevate privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id128597
    published2019-09-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128597
    titleGLSA-201909-08 : D-Bus: Authentication bypass
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0016_DBUS.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has dbus packages installed that are affected by a vulnerability: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2020-03-08
    plugin id134309
    published2020-03-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134309
    titleNewStart CGSL MAIN 4.05 : dbus Vulnerability (NS-SA-2020-0016)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2870.NASL
    descriptionAn update for dbus is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es) : * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129275
    published2019-09-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129275
    titleRHEL 6 : dbus (RHSA-2019:2870)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2019-1726.NASL
    descriptionAn update for dbus is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es) : * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126700
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126700
    titleVirtuozzo 6 : dbus / dbus-devel / dbus-doc / dbus-libs / etc (VZLSA-2019-1726)

Redhat

advisories
  • bugzilla
    id1719344
    titleCVE-2019-12749 dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentdbus-doc is earlier than 1:1.2.24-11.el6_10
            ovaloval:com.redhat.rhsa:tst:20191726001
          • commentdbus-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376002
        • AND
          • commentdbus-libs is earlier than 1:1.2.24-11.el6_10
            ovaloval:com.redhat.rhsa:tst:20191726003
          • commentdbus-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376006
        • AND
          • commentdbus-devel is earlier than 1:1.2.24-11.el6_10
            ovaloval:com.redhat.rhsa:tst:20191726005
          • commentdbus-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376004
        • AND
          • commentdbus is earlier than 1:1.2.24-11.el6_10
            ovaloval:com.redhat.rhsa:tst:20191726007
          • commentdbus is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376008
        • AND
          • commentdbus-x11 is earlier than 1:1.2.24-11.el6_10
            ovaloval:com.redhat.rhsa:tst:20191726009
          • commentdbus-x11 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376010
    rhsa
    idRHSA-2019:1726
    released2019-07-10
    severityImportant
    titleRHSA-2019:1726: dbus security update (Important)
  • bugzilla
    id1719344
    titleCVE-2019-12749 dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentdbus is earlier than 1:1.12.8-9.el8
            ovaloval:com.redhat.rhsa:tst:20193707001
          • commentdbus is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376008
        • AND
          • commentdbus-debugsource is earlier than 1:1.12.8-9.el8
            ovaloval:com.redhat.rhsa:tst:20193707003
          • commentdbus-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193707004
        • AND
          • commentdbus-tools is earlier than 1:1.12.8-9.el8
            ovaloval:com.redhat.rhsa:tst:20193707005
          • commentdbus-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193707006
        • AND
          • commentdbus-libs is earlier than 1:1.12.8-9.el8
            ovaloval:com.redhat.rhsa:tst:20193707007
          • commentdbus-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376006
        • AND
          • commentdbus-daemon is earlier than 1:1.12.8-9.el8
            ovaloval:com.redhat.rhsa:tst:20193707009
          • commentdbus-daemon is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193707010
        • AND
          • commentdbus-common is earlier than 1:1.12.8-9.el8
            ovaloval:com.redhat.rhsa:tst:20193707011
          • commentdbus-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193707012
        • AND
          • commentdbus-x11 is earlier than 1:1.12.8-9.el8
            ovaloval:com.redhat.rhsa:tst:20193707013
          • commentdbus-x11 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376010
        • AND
          • commentdbus-devel is earlier than 1:1.12.8-9.el8
            ovaloval:com.redhat.rhsa:tst:20193707015
          • commentdbus-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110376004
    rhsa
    idRHSA-2019:3707
    released2019-11-05
    severityModerate
    titleRHSA-2019:3707: dbus security update (Moderate)
  • rhsa
    idRHSA-2019:2868
  • rhsa
    idRHSA-2019:2870
rpms
  • dbus-1:1.2.24-11.el6_10
  • dbus-debuginfo-1:1.2.24-11.el6_10
  • dbus-devel-1:1.2.24-11.el6_10
  • dbus-doc-1:1.2.24-11.el6_10
  • dbus-libs-1:1.2.24-11.el6_10
  • dbus-x11-1:1.2.24-11.el6_10
  • dbus-1:1.2.24-9.el6_6
  • dbus-debuginfo-1:1.2.24-9.el6_6
  • dbus-devel-1:1.2.24-9.el6_6
  • dbus-doc-1:1.2.24-9.el6_6
  • dbus-libs-1:1.2.24-9.el6_6
  • dbus-x11-1:1.2.24-9.el6_6
  • dbus-1:1.2.24-9.el6_5
  • dbus-debuginfo-1:1.2.24-9.el6_5
  • dbus-devel-1:1.2.24-9.el6_5
  • dbus-doc-1:1.2.24-9.el6_5
  • dbus-libs-1:1.2.24-9.el6_5
  • dbus-x11-1:1.2.24-9.el6_5
  • dbus-1:1.12.8-9.el8
  • dbus-common-1:1.12.8-9.el8
  • dbus-daemon-1:1.12.8-9.el8
  • dbus-daemon-debuginfo-1:1.12.8-9.el8
  • dbus-debuginfo-1:1.12.8-9.el8
  • dbus-debugsource-1:1.12.8-9.el8
  • dbus-devel-1:1.12.8-9.el8
  • dbus-libs-1:1.12.8-9.el8
  • dbus-libs-debuginfo-1:1.12.8-9.el8
  • dbus-tests-debuginfo-1:1.12.8-9.el8
  • dbus-tools-1:1.12.8-9.el8
  • dbus-tools-debuginfo-1:1.12.8-9.el8
  • dbus-x11-1:1.12.8-9.el8
  • dbus-x11-debuginfo-1:1.12.8-9.el8

References