VuXML ID | Description |
4e9e410b-d462-11e2-8d57-080027019be0 | dbus -- local dos
Simon McVittie reports:
Alexandru Cornea discovered a vulnerability in libdbus caused
by an implementation bug in _dbus_printf_string_upper_bound().
This vulnerability can be exploited by a local user to crash
system services that use libdbus, causing denial of service.
It is platform-specific: x86-64 Linux is known to be affected.
Discovery 2013-06-13 Entry 2013-06-13 dbus
< 1.6.12
CVE-2013-2168
http://lists.freedesktop.org/archives/dbus/2013-June/015696.html
|
52bbc7e8-f13c-11e3-bc09-bcaec565249c | dbus -- local DoS
Simon MvVittie reports:
Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the reference
implementation of D-Bus. Additionally, in highly unusual
environments the same flaw could lead to a side channel between
processes that should not be able to communicate.
Discovery 2014-06-10 Entry 2014-06-14 dbus
ge 1.8.0 lt 1.8.4
< 1.6.20
CVE-2014-3477
http://lists.freedesktop.org/archives/dbus/2014-June/016220.html
|
27616957-b084-11ea-937b-b42e99a1b9c3 | dbus file descriptor leak
GitHub Security Lab reports:
D-Bus has a file descriptor leak, which can lead to denial of service when the dbus-daemon runs out of file descriptors.
An unprivileged local attacker can use this to attack the system dbus-daemon, leading to denial of service for all users of the machine.
Discovery 2020-04-09 Entry 2020-07-03 dbus
< 1.12.18
https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
https://www.openwall.com/lists/oss-security/2020/06/04/3
CVE-2020-12049
|
5b47b70d-8ba9-11db-81d5-00123ffe8333 | dbus -- match_rule_equal() Weakness
Secunia reports:
D-Bus have a weakness, which can be exploited by malicious, local
users to cause a DoS (Denial of Service).
An error within the "match_rule_equal()" function can be
exploited to disable the ability of other processes to receive
messages by removing their matches from D-Bus.
Discovery 2006-12-12 Entry 2006-12-14 dbus
< 1.0.2
CVE-2006-6107
http://www.freedesktop.org/wiki/Software/dbus
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218055
http://secunia.com/advisories/23373/
|
e6a7636a-02d0-11e4-88b6-080027671656 | dbus -- multiple vulnerabilities
Simon McVittie reports:
Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's
support for file descriptor passing. A malicious process could
force system services or user applications to be disconnected
from the D-Bus system bus by sending them a message containing
a file descriptor, then causing that file descriptor to exceed
the kernel's maximum recursion depth (itself introduced to fix
a DoS) before dbus-daemon forwards the message to the victim
process. Most services and applications exit when disconnected
from the system bus, leading to a denial of service.
Additionally, Alban discovered that bug fd.o#79694, a bug
previously reported by Alejandro MartÃnez Suárez which was n
believed to be security flaw, could be used for a similar denial
of service, by causing dbus-daemon to attempt to forward invalid
file descriptors to a victim process when file descriptors become
associated with the wrong message.
Discovery 2014-07-02 Entry 2014-07-03 dbus
< 1.8.6
CVE-2014-3532
CVE-2014-3533
http://lists.freedesktop.org/archives/dbus/2014-July/016235.html
|
c1930f45-6982-11e4-80e1-bcaec565249c | dbus -- incomplete fix for CVE-2014-3636 part A
Simon McVittie reports:
The patch issued by the D-Bus maintainers for CVE-2014-3636
was based on incorrect reasoning, and does not fully prevent
the attack described as "CVE-2014-3636 part A", which is
repeated below. Preventing that attack requires raising the
system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher
value. CVE-2014-7824 has been allocated for this
vulnerability.
Discovery 2014-11-10 Entry 2014-11-11 dbus
< 1.8.10
CVE-2014-7824
http://lists.freedesktop.org/archives/dbus/2014-November/016395.html
|
38242d51-3e58-11e4-ac2f-bcaec565249c | dbus -- multiple vulnerabilities
Simon McVittie reports:
Do not accept an extra fd in the padding of a cmsg message,
which could lead to a 4-byte heap buffer overrun
(CVE-2014-3635).
Reduce default for maximum Unix file descriptors passed per
message from 1024 to 16, preventing a uid with the default
maximum number of connections from exhausting the system
bus' file descriptors under Linux's default rlimit
(CVE-2014-3636).
Disconnect connections that still have a fd pending
unmarshalling after a new configurable limit,
pending_fd_timeout (defaulting to 150 seconds), removing
the possibility of creating an abusive connection that
cannot be disconnected by setting up a circular reference
to a connection's file descriptor (CVE-2014-3637).
Reduce default for maximum pending replies per connection
from 8192 to 128, mitigating an algorithmic complexity
denial-of-service attack (CVE-2014-3638).
Reduce default for authentication timeout on the system
bus from 30 seconds to 5 seconds, avoiding denial of service
by using up all unauthenticated connection slots; and when
all unauthenticated connection slots are used up, make new
connection attempts block instead of disconnecting them
(CVE-2014-3639).
Discovery 2014-09-16 Entry 2014-09-17 dbus
< 1.8.8
CVE-2014-3635
CVE-2014-3636
CVE-2014-3637
CVE-2014-3638
CVE-2014-3639
http://lists.freedesktop.org/archives/dbus/2014-September/016343.html
|