33 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-3636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to 1 cause a denial of service prevention of new connections and connection dr...
SUSE CVE-2014-7824
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...
NewStart CGSL MAIN 6.02 : dbus Multiple Vulnerabilities (NS-SA-2022-0093)
The remote NewStart CGSL host, running version MAIN 6.02, has dbus packages installed that are affected by multiple vulnerabilities: - Unspecified vulnerability in the matchruleequal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other...
Mageia: Security Advisory (MGASA-2014-0395)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP1 : dbus (EulerOS-SA-2016-1037)
According to the versions of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a...
Fedora Update for dbus FEDORA-2015-2007
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for dbus FEDORA-2014-16147
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : mingw-dbus-1.6.28-1.fc20 (2014-17570)
Update to 1.8.12\r\n Fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora Update for dbus FEDORA-2014-16227
Check the version of dbus SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868618";...
Fedora 21 : dbus-1.8.12-1.fc21 (2014-16147)
Update to 1.8.12 1168438 - Fixes CVE-2014-3635 fd.o83622 - Fixes CVE-2014-3636 fd.o82820 - Fixes CVE-2014-3637 fd.o80559 - Fixes CVE-2014-3638 fd.o81053 - Fixes CVE-2014-3639 fd.o80919 - Fixes CVE-2014-7824 fd.o85105 Note that Tenable Network Security has extracted the preceding description block...
Fedora 20 : dbus-1.6.28-1.fc20 (2014-16243)
Update to 1.6.28 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...
Debian DSA-3099-1 : dbus - security update
Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the...
Fedora Update for dbus FEDORA-2014-16243
Check the version of dbus SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868585";...
Debian Security Advisory DSA 3099-1 (dbus - security update)
Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the...
dbus: denial of service
The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning and does not fully prevent the attack described in the impact section below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE ulimit -n to a higher value...
Mandriva Linux Security Advisory : dbus (MDVSA-2014:214)
Updated dbus packages fixes the following security issues : Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon : On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or...
CVE-2014-7824
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...
CVE-2014-7824
CVE-2014-7824 affects D-Bus: vulnerable versions are D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2. The issue allows local users to cause a denial of service by queuing the maximum number of file descriptors, due to an incomplete fix for CVE-2014-3636. Affec...
MGASA-2014-0457 Updated dbus packages fix security vulnerabilitiy
The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE ulimit -n to a higher...
Updated dbus packages fix security vulnerabilitiy
The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE ulimit -n to a higher...