Summary
Detail | |||
---|---|---|---|
Vendor | Freedesktop | First view | 2008-02-29 |
Product | Dbus | Last view | 2023-06-08 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.5 | 2023-06-08 | CVE-2023-34969 | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. |
6.5 | 2022-10-10 | CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. |
6.5 | 2022-10-10 | CVE-2022-42011 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. |
6.5 | 2022-10-10 | CVE-2022-42010 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. |
7.8 | 2021-02-15 | CVE-2020-35512 | A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors |
5.5 | 2020-06-08 | CVE-2020-12049 | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. |
7.1 | 2019-06-11 | CVE-2019-12749 | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
1.9 | 2015-02-13 | CVE-2015-0245 | D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. |
2.1 | 2014-11-18 | CVE-2014-7824 | D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. |
1.9 | 2014-10-25 | CVE-2014-3636 | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. |
2.1 | 2014-09-22 | CVE-2014-3639 | The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. |
2.1 | 2014-09-22 | CVE-2014-3638 | The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. |
2.1 | 2014-09-22 | CVE-2014-3637 | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. |
4.4 | 2014-09-22 | CVE-2014-3635 | Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. |
2.1 | 2014-07-19 | CVE-2014-3533 | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. |
2.1 | 2014-07-19 | CVE-2014-3532 | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. |
2.1 | 2014-07-01 | CVE-2014-3477 | The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. |
1.9 | 2013-07-03 | CVE-2013-2168 | The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. |
3.3 | 2011-06-22 | CVE-2011-2533 | The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. |
4.6 | 2011-06-22 | CVE-2011-2200 | The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. |
2.1 | 2010-12-30 | CVE-2010-4352 | Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants. |
3.6 | 2009-04-27 | CVE-2009-1189 | The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. |
4.6 | 2008-12-09 | CVE-2008-4311 | The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. |
2.1 | 2008-10-07 | CVE-2008-3834 | The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. |
4.6 | 2008-02-29 | CVE-2008-0595 | dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (6) | CWE-20 | Improper Input Validation |
23% (5) | CWE-399 | Resource Management Errors |
9% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
4% (1) | CWE-416 | Use After Free |
4% (1) | CWE-404 | Improper Resource Shutdown or Release |
4% (1) | CWE-362 | Race Condition |
4% (1) | CWE-347 | Improper Verification of Cryptographic Signature |
4% (1) | CWE-129 | Improper Validation of Array Index |
4% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
4% (1) | CWE-17 | Code |
4% (1) | CWE-16 | Configuration |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:9353 | dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_i... |
oval:org.mitre.oval:def:8119 | DSA-1599 dbus -- programming error |
oval:org.mitre.oval:def:20329 | DSA-1599-1 dbus |
oval:org.mitre.oval:def:22397 | ELSA-2008:0159: dbus security update (Moderate) |
oval:org.mitre.oval:def:8101 | DSA-1658 dbus -- programming error |
oval:org.mitre.oval:def:18560 | DSA-1658-1 dbus - denial of service |
oval:org.mitre.oval:def:17531 | USN-653-1 -- dbus vulnerabilities |
oval:org.mitre.oval:def:10253 | The dbus_signature_validate function in the D-bus library (libdbus) before 1.... |
oval:org.mitre.oval:def:21763 | ELSA-2009:0008: dbus security update (Moderate) |
oval:org.mitre.oval:def:29288 | RHSA-2009:0008 -- dbus security update (Moderate) |
oval:org.mitre.oval:def:7908 | DSA-1837 dbus -- programming error |
oval:org.mitre.oval:def:21815 | RHSA-2010:0018: dbus security update (Moderate) |
oval:org.mitre.oval:def:13931 | USN-799-1 -- dbus vulnerability |
oval:org.mitre.oval:def:13451 | DSA-1837-1 dbus -- programming error |
oval:org.mitre.oval:def:10308 | The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) i... |
oval:org.mitre.oval:def:22736 | ELSA-2010:0018: dbus security update (Moderate) |
oval:org.mitre.oval:def:28184 | DEPRECATED: ELSA-2010-0018 -- dbus security update (moderate) |
oval:org.mitre.oval:def:21906 | RHSA-2011:0376: dbus security update (Moderate) |
oval:org.mitre.oval:def:12845 | DSA-2149-1 dbus -- denial of service |
oval:org.mitre.oval:def:12742 | USN-1044-1 -- dbus vulnerability |
oval:org.mitre.oval:def:23267 | ELSA-2011:0376: dbus security update (Moderate) |
oval:org.mitre.oval:def:22705 | DEPRECATED: ELSA-2011:0376: dbus security update (Moderate) |
oval:org.mitre.oval:def:28105 | DEPRECATED: ELSA-2011-0376 -- dbus security update (moderate) |
oval:org.mitre.oval:def:22095 | RHSA-2011:1132: dbus security update (Moderate) |
oval:org.mitre.oval:def:13734 | USN-1176-1 -- dbus vulnerability |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
73292 | D-Bus configure Script Temporary File Symlink Arbitrary File Overwrite |
72896 | D-Bus dbus-marshal-header.c _dbus_header_byteswap Function Message Byte Order... |
69883 | D-Bus Message Validation Nested Variants DoS |
56165 | D-Bus dbus-marshal-validate.c _dbus_validate_signature_with_reason Function C... |
50644 | D-Bus system.conf Default Configuration Message Transmission Local Access Res... |
48990 | D-bus Library (libdbus) dbus_signature_validate Function Malformed Signature ... |
43038 | D-Bus dbus-daemon send_interface Local Security Policy Bypass |
ExploitDB Exploits
id | Description |
---|---|
7822 | D-Bus Daemon < 1.2.4 - (libdbus) Denial of Service Exploit |
OpenVAS Exploits
id | Description |
---|---|
2012-07-30 | Name : CentOS Update for dbus CESA-2011:1132 centos5 x86_64 File : nvt/gb_CESA-2011_1132_dbus_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for dbus CESA-2011:0376 centos5 x86_64 File : nvt/gb_CESA-2011_0376_dbus_centos5_x86_64.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-14 (D-Bus) File : nvt/glsa_201110_14.nasl |
2011-09-23 | Name : CentOS Update for dbus CESA-2011:1132 centos5 i386 File : nvt/gb_CESA-2011_1132_dbus_centos5_i386.nasl |
2011-08-18 | Name : Fedora Update for dbus FEDORA-2011-9817 File : nvt/gb_fedora_2011_9817_dbus_fc14.nasl |
2011-08-12 | Name : Fedora Update for dbus FEDORA-2011-9891 File : nvt/gb_fedora_2011_9891_dbus_fc15.nasl |
2011-08-12 | Name : RedHat Update for dbus RHSA-2011:1132-01 File : nvt/gb_RHSA-2011_1132-01_dbus.nasl |
2011-08-09 | Name : CentOS Update for dbus CESA-2009:0008 centos5 i386 File : nvt/gb_CESA-2009_0008_dbus_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for dbus CESA-2010:0018 centos5 i386 File : nvt/gb_CESA-2010_0018_dbus_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for dbus CESA-2011:0376 centos5 i386 File : nvt/gb_CESA-2011_0376_dbus_centos5_i386.nasl |
2011-08-02 | Name : Ubuntu Update for dbus USN-1176-1 File : nvt/gb_ubuntu_USN_1176_1.nasl |
2011-04-19 | Name : Fedora Update for dbus FEDORA-2010-19178 File : nvt/gb_fedora_2010_19178_dbus_fc13.nasl |
2011-03-25 | Name : RedHat Update for dbus RHSA-2011:0376-01 File : nvt/gb_RHSA-2011_0376-01_dbus.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2149-1 (dbus) File : nvt/deb_2149_1.nasl |
2011-01-21 | Name : Ubuntu Update for dbus vulnerability USN-1044-1 File : nvt/gb_ubuntu_USN_1044_1.nasl |
2010-12-28 | Name : Fedora Update for dbus FEDORA-2010-19166 File : nvt/gb_fedora_2010_19166_dbus_fc14.nasl |
2010-01-15 | Name : RedHat Update for dbus RHSA-2010:0018-01 File : nvt/gb_RHSA-2010_0018-01_dbus.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:256-1 (dbus) File : nvt/mdksa_2009_256_1.nasl |
2009-10-13 | Name : Mandrake Security Advisory MDVSA-2009:256 (dbus) File : nvt/mdksa_2009_256.nasl |
2009-10-13 | Name : SLES10: Security update for dbus File : nvt/sles10_dbus-1.nasl |
2009-10-13 | Name : SLES10: Security update for dbus File : nvt/sles10_dbus-10.nasl |
2009-10-13 | Name : SLES10: Security update for hal File : nvt/sles10_hal.nasl |
2009-10-11 | Name : SLES11: Security update for dbus File : nvt/sles11_dbus-1.nasl |
2009-07-29 | Name : Ubuntu USN-805-1 (ruby1.9) File : nvt/ubuntu_805_1.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1037.nasl - Type: ACT_GATHER_INFO |
2017-01-12 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-20.nasl - Type: ACT_GATHER_INFO |
2016-11-07 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1269.nasl - Type: ACT_GATHER_INFO |
2016-11-02 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3116-1.nasl - Type: ACT_GATHER_INFO |
2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0004_remote.nasl - Type: ACT_GATHER_INFO |
2015-09-15 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL17256.nasl - Type: ACT_GATHER_INFO |
2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2014-1724-1.nasl - Type: ACT_GATHER_INFO |
2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-0457-1.nasl - Type: ACT_GATHER_INFO |
2015-03-31 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-176.nasl - Type: ACT_GATHER_INFO |
2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-87.nasl - Type: ACT_GATHER_INFO |
2015-03-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201503-02.nasl - Type: ACT_GATHER_INFO |
2015-02-18 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-150.nasl - Type: ACT_GATHER_INFO |
2015-02-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3161.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_dbus_20140731.nasl - Type: ACT_GATHER_INFO |
2015-01-02 | Name: The remote Fedora host is missing a security update. File: fedora_2014-17570.nasl - Type: ACT_GATHER_INFO |
2015-01-02 | Name: The remote Fedora host is missing a security update. File: fedora_2014-17595.nasl - Type: ACT_GATHER_INFO |
2014-12-22 | Name: The remote Fedora host is missing a security update. File: fedora_2014-16227.nasl - Type: ACT_GATHER_INFO |
2014-12-17 | Name: The remote Fedora host is missing a security update. File: fedora_2014-16147.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3099.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Fedora host is missing a security update. File: fedora_2014-16243.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-12.nasl - Type: ACT_GATHER_INFO |
2014-11-28 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2425-1.nasl - Type: ACT_GATHER_INFO |
2014-11-20 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-690.nasl - Type: ACT_GATHER_INFO |
2014-11-20 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-691.nasl - Type: ACT_GATHER_INFO |
2014-11-19 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2014-214.nasl - Type: ACT_GATHER_INFO |