Lucene search
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4398-1.NASLHistoryJun 17, 2020 - 12:00 a.m.
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : DBus vulnerability (USN-4398-1)
2020-06-1700:00:00
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4398-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(137556);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id("CVE-2020-12049");
script_xref(name:"USN", value:"4398-1");
script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : DBus vulnerability (USN-4398-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Kevin Backhouse discovered that DBus incorrectly handled file
descriptors. A local attacker could possibly use this issue to cause
DBus to crash, resulting in a denial of service.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4398-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12049");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/08");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dbus");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dbus-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dbus-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dbus-user-session");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dbus-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbus-1-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbus-1-3-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbus-1-dev");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '16.04', 'pkgname': 'dbus', 'pkgver': '1.10.6-1ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'dbus-tests', 'pkgver': '1.10.6-1ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'dbus-udeb', 'pkgver': '1.10.6-1ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'dbus-user-session', 'pkgver': '1.10.6-1ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'dbus-x11', 'pkgver': '1.10.6-1ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'libdbus-1-3', 'pkgver': '1.10.6-1ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'libdbus-1-3-udeb', 'pkgver': '1.10.6-1ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'libdbus-1-dev', 'pkgver': '1.10.6-1ubuntu3.6'},
{'osver': '18.04', 'pkgname': 'dbus', 'pkgver': '1.12.2-1ubuntu1.2'},
{'osver': '18.04', 'pkgname': 'dbus-tests', 'pkgver': '1.12.2-1ubuntu1.2'},
{'osver': '18.04', 'pkgname': 'dbus-udeb', 'pkgver': '1.12.2-1ubuntu1.2'},
{'osver': '18.04', 'pkgname': 'dbus-user-session', 'pkgver': '1.12.2-1ubuntu1.2'},
{'osver': '18.04', 'pkgname': 'dbus-x11', 'pkgver': '1.12.2-1ubuntu1.2'},
{'osver': '18.04', 'pkgname': 'libdbus-1-3', 'pkgver': '1.12.2-1ubuntu1.2'},
{'osver': '18.04', 'pkgname': 'libdbus-1-3-udeb', 'pkgver': '1.12.2-1ubuntu1.2'},
{'osver': '18.04', 'pkgname': 'libdbus-1-dev', 'pkgver': '1.12.2-1ubuntu1.2'},
{'osver': '20.04', 'pkgname': 'dbus', 'pkgver': '1.12.16-2ubuntu2.1'},
{'osver': '20.04', 'pkgname': 'dbus-tests', 'pkgver': '1.12.16-2ubuntu2.1'},
{'osver': '20.04', 'pkgname': 'dbus-udeb', 'pkgver': '1.12.16-2ubuntu2.1'},
{'osver': '20.04', 'pkgname': 'dbus-user-session', 'pkgver': '1.12.16-2ubuntu2.1'},
{'osver': '20.04', 'pkgname': 'dbus-x11', 'pkgver': '1.12.16-2ubuntu2.1'},
{'osver': '20.04', 'pkgname': 'libdbus-1-3', 'pkgver': '1.12.16-2ubuntu2.1'},
{'osver': '20.04', 'pkgname': 'libdbus-1-3-udeb', 'pkgver': '1.12.16-2ubuntu2.1'},
{'osver': '20.04', 'pkgname': 'libdbus-1-dev', 'pkgver': '1.12.16-2ubuntu2.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dbus / dbus-tests / dbus-udeb / dbus-user-session / dbus-x11 / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | dbus | p-cpe:/a:canonical:ubuntu_linux:dbus |
| canonical | ubuntu_linux | dbus-tests | p-cpe:/a:canonical:ubuntu_linux:dbus-tests |
| canonical | ubuntu_linux | dbus-udeb | p-cpe:/a:canonical:ubuntu_linux:dbus-udeb |
| canonical | ubuntu_linux | dbus-user-session | p-cpe:/a:canonical:ubuntu_linux:dbus-user-session |
| canonical | ubuntu_linux | dbus-x11 | p-cpe:/a:canonical:ubuntu_linux:dbus-x11 |
| canonical | ubuntu_linux | libdbus-1-3 | p-cpe:/a:canonical:ubuntu_linux:libdbus-1-3 |
| canonical | ubuntu_linux | libdbus-1-3-udeb | p-cpe:/a:canonical:ubuntu_linux:libdbus-1-3-udeb |
| canonical | ubuntu_linux | libdbus-1-dev | p-cpe:/a:canonical:ubuntu_linux:libdbus-1-dev |
| canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:lts |
| canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
Related
nessus
nessus
SUSE SLES15 Security Update : dbus-1 (SUSE-SU-2021:2470-1)
2021-07-28 00:00:00
EulerOS 2.0 SP5 : dbus (EulerOS-SA-2020-2242)
2020-10-30 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : dbus Vulnerability (NS-SA-2020-0081)
2020-12-09 00:00:00
redhatcve
redhatcve
CVE-2020-12049
2020-06-19 15:56:02
openvas
openvas
Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2020-2096)
2020-09-29 00:00:00
Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2020-2465)
2020-11-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2470-1)
2021-07-28 00:00:00
ubuntu
ubuntu
DBus vulnerability
2020-06-16 00:00:00
DBus vulnerability
2020-06-16 00:00:00
freebsd
freebsd
dbus file descriptor leak
2020-04-09 00:00:00
oraclelinux
oraclelinux
dbus security update
2020-07-14 00:00:00
dbus security update
2020-07-23 00:00:00
dbus security update
2020-10-06 00:00:00
prion
prion
Code injection
2020-06-08 17:15:00
osv
osv
CVE-2020-12049
2020-06-08 17:15:09
dbus - security update
2020-06-05 00:00:00
suse
suse
Security update for dbus-1 (moderate)
2021-08-23 00:00:00
Security update for dbus-1 (moderate)
2021-08-27 00:00:00
cloudfoundry
cloudfoundry
USN-4398-1: DBus vulnerability | Cloud Foundry
2020-07-22 00:00:00
f5
f5
K16729408 : D-Bus vulnerability CVE-2020-12049
2021-04-12 00:00:00
debian
debian
[SECURITY] [DLA 2235-1] dbus security update
2020-06-05 15:34:10
archlinux
archlinux
[ASA-202006-9] dbus: denial of service
2020-06-13 00:00:00
redhat
redhat
(RHSA-2020:3014) Important: dbus security update
2020-07-21 10:22:08
(RHSA-2020:3044) Important: dbus security update
2020-07-21 14:16:04
(RHSA-2020:2894) Important: dbus security update
2020-07-13 10:17:31
centos
centos
dbus security update
2020-07-14 22:54:19
alpinelinux
alpinelinux
CVE-2020-12049
2020-06-08 17:15:00
veracode
veracode
Denial Of Service (DoS)
2020-07-14 02:45:33
mageia
mageia
Updated dbus packages fix security vulnerability
2020-06-15 10:54:40
debiancve
debiancve
CVE-2020-12049
2020-06-08 17:15:00
cve
cve
CVE-2020-12049
2020-06-08 17:15:00
gentoo
gentoo
D-Bus: Denial of service
2020-07-27 00:00:00
ubuntucve
ubuntucve
CVE-2020-12049
2020-06-08 00:00:00
amazon
amazon
Important: dbus
2022-10-31 19:40:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0259
2020-07-03 00:00:00
Critical Photon OS Security Update - PHSA-2020-0259
2020-07-03 00:00:00
Moderate Photon OS Security Update - PHSA-2024-3.0-0722
2024-02-08 00:00:00
Related for UBUNTU_USN-4398-1.NASL