Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD1515AADADD0AFD52E52CA73A3C041976A003188D8D09F5FAEAA2DFA6F589CD3
HistoryJan 31, 2019 - 1:45 a.m.

Security Bulletin: Vulnerabilities in dbus affect the IBM Flex System Manager (FSM) (CVE-2014-3638, CVE-2014-3639, CVE-2014-3477)

2019-01-3101:45:01
www.ibm.com
11

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

Vulnerabilities in dbus affect the IBM Flex System Manager (FSM) (CVE-2014-3638, CVE-2014-3639, CVE-2014-3477)

Vulnerability Details

Abstract

Vulnerabilities in dbus affect the IBM Flex System Manager (FSM) (CVE-2014-3638, CVE-2014-3639, CVE-2014-3477)

Content

Vulnerability Details:

CVE-ID: CVE-2014-3477

Description: D-Bus is vulnerable to a denial of service, caused by an error in the dbus-daemon. By sending an activation message, a local attacker could exploit this vulnerability to cause a memory leak and a denial of service.

CVSS Base Score: 2.1
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93760&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2014-3638

Description: D-Bus is vulnerable to a denial of service, caused by an error related to method call replies. By sending the maximum number of parallel method calls, a local attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 2.1
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96009&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2014-3639

Description: D-Bus is vulnerable to a denial of service, caused by an error related to incomplete connections. By making repeated connection attempts, a local attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 2.1
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96010&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P)

Affected products and versions

  • Flex System Manager 1.1.x.x
  • Flex System Manager 1.2.0.x
  • Flex System Manager 1.2.1.x
  • Flex System Manager 1.3.0.x
  • Flex System Manager 1.3.1.x
  • Flex System Manager 1.3.2.x

Remediation/Fixes:

IBM recommends that you remediate these vulnerabilities through the following code upgrades:

Product VRMF APAR Remediation
Flex System Manager 1.3.2.x IT05293 fsmfix_1.3.2.0_IT05293_05295_05310_05318
Flex System Manager 1.3.1.x IT05293 fsmfix_1.3.1.0_IT05293_05295_05310_05318
Flex System Manager 1.3.0.x IT05293 fsmfix_1.3.0.0_IT05293_05295_05310_05318
Flex System Manager 1.2.1.x IT05293 IBM is no longer providing code update for this release, upgrade to FSM 1.3.2.0 and follow the appropriate remediation for all vulnerabilities.
Flex System Manager 1.2.0.x IT05293 IBM is no longer providing code update for this release, upgrade to FSM 1.3.2.0 and follow the appropriate remediation for all vulnerabilities.
Flex System Manager 1.1.1.x IT05293 IBM is no longer providing code update for this release, upgrade to FSM 1.3.2.0 and follow the appropriate remediation for all vulnerabilities.

Workaround(s) & Mitigation(s):

None

Reference:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

None

Change History
11 February 2015: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

osv 3
nessus 24
debian 4
openvas 22
suse 1
ibm 1
f5 6
cve 3
mageia 2
cvelist 3
ubuntucve 4
freebsd 2
prion 3
debiancve 3
fedora 8
ubuntu 2
gentoo 1
securityvulns 3
osv
osv
dbus - security update
2014-11-20 00:00:00
dbus - security update
2014-09-16 00:00:00
dbus - security update
2014-07-02 00:00:00
nessus
nessus
Debian DLA-87-1 : dbus security update
2015-03-26 00:00:00
SuSE 11.3 Security Update : dbus-1 (SAT Patch Number 9733)
2014-09-19 00:00:00
F5 Networks BIG-IP : D-Bus vulnerability (SOL17256)
2015-09-15 00:00:00
debian
debian
[SECURITY] [DLA 87-1] dbus security update
2014-11-20 13:28:55
[SECURITY] [DSA 3026-1] dbus security update
2014-09-16 18:34:28
[SECURITY] [DSA 2971-1] dbus security update
2014-07-02 18:41:00
openvas
openvas
Debian: Security Advisory (DLA-87-1)
2023-03-08 00:00:00
SUSE: Security Advisory for dbus-1 (SUSE-SU-2014:1146-1)
2015-10-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1146-1)
2021-06-09 00:00:00
suse
suse
Security update for dbus-1 (important)
2014-09-19 23:04:49
ibm
ibm
Security Bulletin: Network Intrusion Prevention System is affected by multiple D-BUS and PHP vulnerabilities (CVE-2014-3638, CVE-2014-3639, CVE-2014-3477, CVE-2014-5459, CVE-2014-3597, CVE-2014-4721)
2022-02-23 19:48:26
f5
f5
SOL17255 - D-Bus vulnerability CVE-2014-3477
2015-09-11 00:00:00
K17256 : D-Bus vulnerability CVE-2014-3638
2015-09-14 00:00:00
SOL17256 - D-Bus vulnerability CVE-2014-3638
2015-09-14 00:00:00
cve
cve
CVE-2014-3477
2014-07-01 17:55:00
CVE-2014-3638
2014-09-22 15:55:00
CVE-2014-3639
2014-09-22 15:55:00
mageia
mageia
Updated dbus packages fix security vulnerability
2014-06-18 23:25:42
Updated dbus packages fix multiple security vulnerabilities
2014-10-07 13:22:51
cvelist
cvelist
CVE-2014-3638
2014-09-22 15:00:00
CVE-2014-3477
2014-07-01 17:00:00
CVE-2014-3639
2014-09-22 15:00:00
ubuntucve
ubuntucve
CVE-2014-3477
2014-07-01 00:00:00
CVE-2014-3638
2014-09-17 00:00:00
CVE-2014-3639
2014-09-17 00:00:00
freebsd
freebsd
dbus -- local DoS
2014-06-10 00:00:00
dbus -- multiple vulnerabilities
2014-09-16 00:00:00
prion
prion
Design/Logic Flaw
2014-09-22 15:55:00
Design/Logic Flaw
2014-07-01 17:55:00
Design/Logic Flaw
2014-09-22 15:55:00
debiancve
debiancve
CVE-2014-3638
2014-09-22 15:55:00
CVE-2014-3477
2014-07-01 17:55:00
CVE-2014-3639
2014-09-22 15:55:00
fedora
fedora
[SECURITY] Fedora 20 Update: dbus-1.6.28-1.fc20
2014-12-13 09:47:30
[SECURITY] Fedora 20 Update: mingw-dbus-1.6.28-1.fc20
2015-01-02 05:04:52
[SECURITY] Fedora 21 Update: mingw-dbus-1.8.12-1.fc21
2015-01-02 05:03:51
ubuntu
ubuntu
DBus vulnerabilities
2014-09-22 00:00:00
DBus vulnerabilities
2014-07-08 00:00:00
gentoo
gentoo
D-Bus: Multiple Vulnerabilities
2014-12-13 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3026-1] dbus security update
2014-09-21 00:00:00
dbus multiple security vulnerabilities
2014-11-30 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

JSON
Related for D1515AADADD0AFD52E52CA73A3C041976A003188D8D09F5FAEAA2DFA6F589CD3
osv3nessus24debian4openvas22suse1ibm1f56cve3mageia2cvelist3ubuntucve4freebsd2prion3debiancve3fedora8ubuntu2gentoo1securityvulns3