Ubuntu Security Notice 3116-1 - It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue is only exposed to unprivileged users when the fix for CVE-2015-0245 is not applied, hence this issue is only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated as a preventative measure in the event that a new attack vector for this issue is discovered. Various other issues were also addressed.
67101c4e6507897aa7f48d3358d4f1aa0de30612b876d3ed686adc70d4abfbe2Mandriva Linux Security Advisory 2015-176 - Updated dbus packages fix multiple security vulnerabilities.
4be93103f6f354ef453a2dc02b3ccf964ab78327305a7f7671ec1fe2b6855df4Gentoo Linux Security Advisory 201503-2 - A vulnerability has been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.16 are affected.
a6a8d7ba46ea206d024636d750e906df8bd257cbc82592d349cdaa671b9762a8Debian Linux Security Advisory 3161-1 - Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester.
2aa70c387619edf5818fcdac52d8d84392b4ab17ce8511cb0c1f79f7b11e9cc6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed