{"id": "CVE-2013-2168", "bulletinFamily": "NVD", "title": "CVE-2013-2168", "description": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.", "published": "2013-07-03T14:55:01", "modified": "2017-09-18T21:36:15", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2168", "reporter": "NVD", "references": ["http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html", "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html", "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", "http://www.openwall.com/lists/oss-security/2013/06/13/2", "http://www.securitytracker.com/id/1028667", "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7", "https://bugzilla.redhat.com/show_bug.cgi?id=974109", "http://www.debian.org/security/2013/dsa-2707", "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html", "http://www.securityfocus.com/bid/60546", "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html", "http://www.ubuntu.com/usn/USN-1874-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"], "cvelist": ["CVE-2013-2168"], "type": "cve", "lastseen": "2017-09-19T13:38:43", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16881", "name": "oval:org.mitre.oval:def:16881", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:d-bus_project:d-bus:1.7.2", "cpe:/a:d-bus_project:d-bus:1.6.2", "cpe:/o:novell:opensuse:12.3", "cpe:/a:d-bus_project:d-bus:1.4.20", "cpe:/a:d-bus_project:d-bus:1.4.4", "cpe:/a:d-bus_project:d-bus:1.4.10", "cpe:/a:d-bus_project:d-bus:1.4.16", "cpe:/a:d-bus_project:d-bus:1.6.6", "cpe:/a:d-bus_project:d-bus:1.7.0", "cpe:/a:d-bus_project:d-bus:1.6.0", "cpe:/a:d-bus_project:d-bus:1.4.1", "cpe:/a:d-bus_project:d-bus:1.4.8", "cpe:/a:d-bus_project:d-bus:1.4.18", "cpe:/a:d-bus_project:d-bus:1.4.14", "cpe:/a:d-bus_project:d-bus:1.4.6", "cpe:/a:d-bus_project:d-bus:1.4.12", "cpe:/a:d-bus_project:d-bus:1.4.24", "cpe:/a:d-bus_project:d-bus:1.6.4", "cpe:/a:d-bus_project:d-bus:1.6.10", "cpe:/a:d-bus_project:d-bus:1.4.0", "cpe:/a:d-bus_project:d-bus:1.6.8", "cpe:/a:d-bus_project:d-bus:1.6.16"], "cvelist": ["CVE-2013-2168"], "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.", "edition": 1, "enchantments": {}, "hash": "47e49669e41aea32ba538ecb11cfc8772c88141f6ca1034b4611a10690046dee", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "490cff8ab829e1d0b4427f52d34cea4f", "key": "href"}, {"hash": "f5707d0a53180aa1d909d48eab5091a2", "key": "cvss"}, {"hash": "7c5b6bac10a73d550ef5e9cb480f79ea", "key": "title"}, {"hash": "5430b02449b7c896e119384a82217b6c", "key": "published"}, {"hash": "eed0c492d3a74551c9e9521a8c3d68c8", "key": "cpe"}, {"hash": "8a4a78835eb87b561459c99a4da20d38", "key": "assessment"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "ce3ad475f7cebcd308f7494ba8941e11", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6ad0fec33eaadf514901b90cf2ef1cb0", "key": "modified"}, {"hash": "8b2e9c0fce39dd770b64760f89dff43d", "key": "cvelist"}, {"hash": "0f2282ab916f7eacd6bd1d5f3ff070e4", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2168", "id": "CVE-2013-2168", "lastseen": "2016-09-03T18:19:30", "modified": "2015-11-20T10:57:03", "objectVersion": "1.2", "published": "2013-07-03T14:55:01", "references": ["http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html", "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html", "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", "http://www.openwall.com/lists/oss-security/2013/06/13/2", "http://www.securitytracker.com/id/1028667", "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7", "https://bugzilla.redhat.com/show_bug.cgi?id=974109", "http://www.debian.org/security/2013/dsa-2707", "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html", "http://www.securityfocus.com/bid/60546", "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html", "http://www.ubuntu.com/usn/USN-1874-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"], "reporter": "NVD", "scanner": [], "title": "CVE-2013-2168", "type": "cve", "viewCount": 0}, "differentElements": ["assessment", "modified"], "edition": 1, "lastseen": "2016-09-03T18:19:30"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "34439169c2f36157d29c106e8bddf16f"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "eed0c492d3a74551c9e9521a8c3d68c8"}, {"key": "cvelist", "hash": "8b2e9c0fce39dd770b64760f89dff43d"}, {"key": "cvss", "hash": "f5707d0a53180aa1d909d48eab5091a2"}, {"key": "description", "hash": "ce3ad475f7cebcd308f7494ba8941e11"}, {"key": "href", "hash": "490cff8ab829e1d0b4427f52d34cea4f"}, {"key": "modified", "hash": "cf92e635cbe3344f4068fe253958d1fa"}, {"key": "published", "hash": "5430b02449b7c896e119384a82217b6c"}, {"key": "references", "hash": "0f2282ab916f7eacd6bd1d5f3ff070e4"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "7c5b6bac10a73d550ef5e9cb480f79ea"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7ce40459d406f427736c730f544903ff4fa9761837dbbf9e37864ac9b8a0c004", "viewCount": 0, "enchantments": {"vulnersScore": 1.9}, "objectVersion": "1.3", "cpe": ["cpe:/a:d-bus_project:d-bus:1.7.2", "cpe:/a:d-bus_project:d-bus:1.6.2", "cpe:/o:novell:opensuse:12.3", "cpe:/a:d-bus_project:d-bus:1.4.20", "cpe:/a:d-bus_project:d-bus:1.4.4", "cpe:/a:d-bus_project:d-bus:1.4.10", "cpe:/a:d-bus_project:d-bus:1.4.16", "cpe:/a:d-bus_project:d-bus:1.6.6", "cpe:/a:d-bus_project:d-bus:1.7.0", "cpe:/a:d-bus_project:d-bus:1.6.0", "cpe:/a:d-bus_project:d-bus:1.4.1", "cpe:/a:d-bus_project:d-bus:1.4.8", "cpe:/a:d-bus_project:d-bus:1.4.18", "cpe:/a:d-bus_project:d-bus:1.4.14", "cpe:/a:d-bus_project:d-bus:1.4.6", "cpe:/a:d-bus_project:d-bus:1.4.12", "cpe:/a:d-bus_project:d-bus:1.4.24", "cpe:/a:d-bus_project:d-bus:1.6.4", "cpe:/a:d-bus_project:d-bus:1.6.10", "cpe:/a:d-bus_project:d-bus:1.4.0", "cpe:/a:d-bus_project:d-bus:1.6.8", "cpe:/a:d-bus_project:d-bus:1.6.16"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881", "name": "oval:org.mitre.oval:def:16881", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": []}

{"result": {"nessus": [{"id": "FEDORA_2013-11142.NASL", "type": "nessus", "title": "Fedora 19 : dbus-1.6.12-1.fc19 (2013-11142)", "description": "I tested locally by just booting; the fix itself is low risk, but this includes a new upstream version rebase.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67298", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:26:31"}, {"id": "SLACKWARE_SSA_2013-191-01.NASL", "type": "nessus", "title": "Slackware 14.0 / current : dbus (SSA:2013-191-01)", "description": "New dbus packages are available for Slackware 14.0, and -current to fix a security issue.", "published": "2013-07-11T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67234", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:24:09"}, {"id": "SOLARIS11_DBUS_20140731.NASL", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : dbus (cve_2013_2168_input_validation)", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. (CVE-2013-2168)", "published": "2015-01-19T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80599", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:26:41"}, {"id": "UBUNTU_USN-1874-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 : dbus vulnerability (USN-1874-1)", "description": "Alexandru Cornea discovered that DBus incorrectly handled certain messages. A local attacker could use this issue to cause system services to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-06-14T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66892", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:24:07"}, {"id": "OPENSUSE-2013-545.NASL", "type": "nessus", "title": "openSUSE Security Update : dbus-1 (openSUSE-SU-2013:1118-1)", "description": "This dbus-1 update fixes a security vulnerability.\n\n - Added CVE-2013-2168.patch, fixes referenced vulnerability (bnc#824607)", "published": "2014-06-13T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75066", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:25:48"}, {"id": "MANDRIVA_MDVSA-2013-177.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : dbus (MDVSA-2013:177)", "description": "Updated dbus packages fix security vulnerability.\n\nAlexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash (CVE-2013-2168).", "published": "2013-06-26T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66977", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:25:51"}, {"id": "GENTOO_GLSA-201308-02.NASL", "type": "nessus", "title": "GLSA-201308-02 : D-Bus: Denial of Service", "description": "The remote host is affected by the vulnerability described in GLSA-201308-02 (D-Bus: Denial of Service)\n\n D-Bus’ _dbus_printf_string_upper_bound() function crashes if it returns exactly 1024 bytes.\n Impact :\n\n A local attacker could provide specially crafted input to an application using D-Bus which would cause _dbus_printf_string_upper_bound() to return 1024 bytes and crash, causing a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2013-08-23T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69453", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:25:58"}, {"id": "DEBIAN_DSA-2707.NASL", "type": "nessus", "title": "Debian DSA-2707-1 : dbus - denial of service", "description": "Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash.\n\nThe oldstable distribution (squeeze) is not affected by this problem.", "published": "2013-06-17T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66905", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:25:13"}, {"id": "FEDORA_2013-11198.NASL", "type": "nessus", "title": "Fedora 18 : dbus-1.6.12-1.fc18 (2013-11198)", "description": "Not tested locally yet, I need to spin back up a Fedora 18 VM.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67299", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:24:17"}, {"id": "FREEBSD_PKG_4E9E410BD46211E28D57080027019BE0.NASL", "type": "nessus", "title": "FreeBSD : dbus -- local dos (4e9e410b-d462-11e2-8d57-080027019be0)", "description": "Simon McVittie reports :\n\nAlexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. It is platform-specific: x86-64 Linux is known to be affected.", "published": "2013-06-14T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66889", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:26:17"}], "debian": [{"id": "DSA-2707", "type": "debian", "title": "dbus -- denial of service", "description": "Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash.\n\nThe oldstable distribution (squeeze) is not affected by this problem.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 1.6.8-1+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in version 1.6.12-1.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.6.12-1.\n\nWe recommend that you upgrade your dbus packages.", "published": "2013-06-13T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2707", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-02T18:24:50"}], "openvas": [{"id": "OPENVAS:892707", "type": "openvas", "title": "Debian Security Advisory DSA 2707-1 (dbus - denial of service)", "description": "Alexandru Cornea discovered a vulnerability in libdbus caused by an\nimplementation bug in _dbus_printf_string_upper_bound(). This\nvulnerability can be exploited by a local user to crash system services\nthat use libdbus, causing denial of service. Depending on the dbus\nservices running, it could lead to complete system crash.\n\nThe oldstable distribution (squeeze) is not affected by this problem.", "published": "2013-06-13T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=892707", "cvelist": ["CVE-2013-2168"], "lastseen": "2017-07-24T12:51:21"}, {"id": "OPENVAS:866030", "type": "openvas", "title": "Fedora Update for dbus FEDORA-2013-11198", "description": "Check for the Version of dbus", "published": "2013-06-27T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=866030", "cvelist": ["CVE-2013-2168"], "lastseen": "2017-07-25T10:51:39"}, {"id": "OPENVAS:1361412562310121010", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201308-02", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201308-02", "published": "2015-09-29T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121010", "cvelist": ["CVE-2013-2168"], "lastseen": "2017-07-24T12:52:50"}, {"id": "OPENVAS:841474", "type": "openvas", "title": "Ubuntu Update for dbus USN-1874-1", "description": "Check for the Version of dbus", "published": "2013-06-18T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841474", "cvelist": ["CVE-2013-2168"], "lastseen": "2017-07-25T10:51:34"}, {"id": "OPENVAS:1361412562310868618", "type": "openvas", "title": "Fedora Update for dbus FEDORA-2014-16227", "description": "Check the version of dbus", "published": "2014-12-20T00:00:00", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868618", "cvelist": ["CVE-2014-3636", "CVE-2014-3638", "CVE-2014-3532", "CVE-2014-3533", "CVE-2013-2168", "CVE-2014-3635", "CVE-2014-3637", "CVE-2014-3477", "CVE-2014-7824", "CVE-2014-3639"], "lastseen": "2017-07-27T10:48:50"}], "gentoo": [{"id": "GLSA-201308-02", "type": "gentoo", "title": "D-Bus: Denial of Service", "description": "### Background\n\nD-Bus is a message bus system which processes can use to talk to each other. \n\n### Description\n\nD-Bus\u2019 _dbus_printf_string_upper_bound() function crashes if it returns exactly 1024 bytes. \n\n### Impact\n\nA local attacker could provide specially-crafted input to an application using D-Bus which would cause _dbus_printf_string_upper_bound() to return 1024 bytes and crash, causing a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll D-Bus users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/dbus-1.6.12\"", "published": "2013-08-22T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201308-02", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-06T19:46:27"}], "ubuntu": [{"id": "USN-1874-1", "type": "ubuntu", "title": "DBus vulnerability", "description": "Alexandru Cornea discovered that DBus incorrectly handled certain messages. \nA local attacker could use this issue to cause system services to crash, \nresulting in a denial of service.", "published": "2013-06-13T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/usn/usn-1874-1/", "cvelist": ["CVE-2013-2168"], "lastseen": "2017-08-09T19:12:44"}], "freebsd": [{"id": "4E9E410B-D462-11E2-8D57-080027019BE0", "type": "freebsd", "title": "dbus -- local dos", "description": "\nSimon McVittie reports:\n\nAlexandru Cornea discovered a vulnerability in libdbus caused\n\t by an implementation bug in _dbus_printf_string_upper_bound().\n\t This vulnerability can be exploited by a local user to crash\n\t system services that use libdbus, causing denial of service.\n\t It is platform-specific: x86-64 Linux is known to be affected.\n\n", "published": "2013-06-13T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/4e9e410b-d462-11e2-8d57-080027019be0.html", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-26T17:24:29"}], "slackware": [{"id": "SSA-2013-191-01", "type": "slackware", "title": "dbus", "description": "New dbus packages are available for Slackware 14.0, and -current to fix a \nsecurity issue.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/dbus-1.4.20-i486-4_slack14.0.txz: Rebuilt.\n This update fixes a security issue where misuse of va_list could be used to\n cause a denial of service for system services.\n Vulnerability reported by Alexandru Cornea.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/dbus-1.4.20-i486-4_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/dbus-1.4.20-x86_64-4_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/dbus-1.6.12-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/dbus-1.6.12-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\na720afc6cb939df64d9b6e15ad3d20ff dbus-1.4.20-i486-4_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nff619d4caa1c438435bad5cc5d57c24c dbus-1.4.20-x86_64-4_slack14.0.txz\n\nSlackware -current package:\nf3f0e28aecabb58b212d3bd580a194e4 a/dbus-1.6.12-i486-1.txz\n\nSlackware x86_64 -current package:\ncfd43378f0947229b58e95396192a7b7 a/dbus-1.6.12-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg dbus-1.4.20-i486-4_slack14.0.txz", "published": "2013-07-10T01:20:39", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.347923", "cvelist": ["CVE-2013-2168"], "lastseen": "2016-09-07T19:54:28"}]}}