1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
Simon McVittie discovered a local denial of service flaw in dbus, an
asynchronous inter-process communication system. On systems with
systemd-style service activation, dbus-daemon does not prevent forged
ActivationFailure messages from non-root processes. A malicious local
user could use this flaw to trick dbus-daemon into thinking that systemd
failed to activate a system service, resulting in an error reply back to
the requester.
For the stable distribution (wheezy), this problem has been fixed in
version 1.6.8-1+deb7u6.
For the unstable distribution (sid), this problem has been fixed in
version 1.8.16-1.
We recommend that you upgrade your dbus packages.
CPE | Name | Operator | Version |
---|---|---|---|
dbus | eq | 1.6.8-1 | |
dbus | eq | 1.6.8-1+deb7u4 | |
dbus | eq | 1.6.8-1+deb7u2 | |
dbus | eq | 1.6.8-1+deb7u5 | |
dbus | eq | 1.6.8-1+deb7u1 | |
dbus | eq | 1.6.8-1+deb7u3 |