Lucene search
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2425-1.NASLHistoryNov 28, 2014 - 12:00 a.m.
Ubuntu 14.04 LTS : DBus vulnerability (USN-2425-1)
2014-11-2800:00:00
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service.
(CVE-2014-7824).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2425-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(79621);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id("CVE-2014-7824");
script_bugtraq_id(71012);
script_xref(name:"USN", value:"2425-1");
script_name(english:"Ubuntu 14.04 LTS : DBus vulnerability (USN-2425-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It was discovered that DBus incorrectly handled a large number of file
descriptor messages. A local attacker could use this issue to cause
DBus to stop responding, resulting in a denial of service.
(CVE-2014-7824).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2425-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-7824");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2014/11/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dbus");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dbus-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbus-1-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbus-1-dev");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'dbus', 'pkgver': '1.6.18-0ubuntu4.3'},
{'osver': '14.04', 'pkgname': 'dbus-x11', 'pkgver': '1.6.18-0ubuntu4.3'},
{'osver': '14.04', 'pkgname': 'libdbus-1-3', 'pkgver': '1.6.18-0ubuntu4.3'},
{'osver': '14.04', 'pkgname': 'libdbus-1-dev', 'pkgver': '1.6.18-0ubuntu4.3'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dbus / dbus-x11 / libdbus-1-3 / libdbus-1-dev');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | dbus | p-cpe:/a:canonical:ubuntu_linux:dbus |
| canonical | ubuntu_linux | dbus-x11 | p-cpe:/a:canonical:ubuntu_linux:dbus-x11 |
| canonical | ubuntu_linux | libdbus-1-3 | p-cpe:/a:canonical:ubuntu_linux:libdbus-1-3 |
| canonical | ubuntu_linux | libdbus-1-dev | p-cpe:/a:canonical:ubuntu_linux:libdbus-1-dev |
| canonical | ubuntu_linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04:-:lts |
Related
nessus
nessus
openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1454-1)
2014-11-20 00:00:00
openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1455-1)
2014-11-20 00:00:00
Debian DSA-3099-1 : dbus - security update
2014-12-15 00:00:00
securityvulns
securityvulns
[USN-2425-1] DBus vulnerability
2014-11-30 00:00:00
dbus multiple security vulnerabilities
2014-11-30 00:00:00
ubuntu
ubuntu
DBus vulnerability
2014-11-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2425-1)
2022-08-26 00:00:00
Mageia: Security Advisory (MGASA-2014-0457)
2022-01-28 00:00:00
Debian Security Advisory DSA 3099-1 (dbus - security update)
2014-12-11 00:00:00
cvelist
cvelist
CVE-2014-7824
2014-11-18 15:00:00
archlinux
archlinux
dbus: denial of service
2014-11-23 00:00:00
cve
cve
CVE-2014-7824
2014-11-18 15:59:00
debiancve
debiancve
CVE-2014-7824
2014-11-18 15:59:00
prion
prion
Code injection
2014-11-18 15:59:00
freebsd
freebsd
dbus -- incomplete fix for CVE-2014-3636 part A
2014-11-10 00:00:00
mageia
mageia
Updated dbus packages fix security vulnerabilitiy
2014-11-15 21:31:46
debian
debian
[SECURITY] [DSA 3099-1] dbus security update
2014-12-11 21:15:42
ubuntucve
ubuntucve
CVE-2014-7824
2014-11-18 00:00:00
photon
photon
fedora
fedora
[SECURITY] Fedora 21 Update: dbus-1.8.12-1.fc21
2014-12-17 04:46:59
[SECURITY] Fedora 21 Update: dbus-1.8.16-1.fc21
2015-02-16 03:26:31
[SECURITY] Fedora 20 Update: dbus-1.6.28-1.fc20
2014-12-13 09:47:30
gentoo
gentoo
D-Bus: Multiple Vulnerabilities
2014-12-13 00:00:00
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Related for UBUNTU_USN-2425-1.NASL