Executive Summary

Informations
Name MDVSA-2014:148 First vendor Publication 2014-07-31
Vendor Mandriva Last vendor Modification 2014-07-31
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated dbus packages fix security vulnerabilities:

A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could use this flaw to cause a service or application to disconnect from the bus, typically resulting in that service or application exiting (CVE-2014-3532).

A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could use this flaw to cause an invalid file descriptor to be forwarded to a service or application, causing it to disconnect from the bus, typically resulting in that service or application exiting (CVE-2014-3533).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:148

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25113
 
Oval ID: oval:org.mitre.oval:def:25113
Title: USN-2275-1 -- dbus vulnerabilities
Description: Several security issues were fixed in DBus.
Family: unix Class: patch
Reference(s): USN-2275-1
CVE-2014-3477
CVE-2014-3532
CVE-2014-3533
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Product(s): dbus
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25280
 
Oval ID: oval:org.mitre.oval:def:25280
Title: DSA-2971-1 -- dbus - security update
Description: Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system.
Family: unix Class: patch
Reference(s): DSA-2971-1
CVE-2014-3477
CVE-2014-3532
CVE-2014-3533
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): dbus
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 111
Os 1
Os 2
Os 1

Nessus® Vulnerability Scanner

Date Description
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2016-1037.nasl - Type : ACT_GATHER_INFO
2015-03-31 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-176.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17570.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17595.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-12.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-557.nasl - Type : ACT_GATHER_INFO
2014-09-25 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-558.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-148.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-465.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-466.nasl - Type : ACT_GATHER_INFO
2014-07-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2275-1.nasl - Type : ACT_GATHER_INFO
2014-07-08 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8059.nasl - Type : ACT_GATHER_INFO
2014-07-04 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_e6a7636a02d011e488b6080027671656.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2971.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-08-02 13:24:25
  • Multiple Updates
2014-07-31 17:21:17
  • First insertion