DBus vulnerabilities

2014-09-2200:00:00

ubuntu.com

7 High

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Releases

Ubuntu 14.04 ESM
Ubuntu 12.04
Ubuntu 10.04

Packages

dbus - simple interprocess messaging system

Details

Simon McVittie discovered that DBus incorrectly handled the file
descriptors message limit. A local attacker could use this issue to cause
DBus to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-3635)

Alban Crequy discovered that DBus incorrectly handled a large number of
file descriptor messages. A local attacker could use this issue to cause
DBus to stop responding, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3636)

Alban Crequy discovered that DBus incorrectly handled certain file
descriptor messages. A local attacker could use this issue to cause DBus
to maintain persistent connections, possibly resulting in a denial of
service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-3637)

Alban Crequy discovered that DBus incorrectly handled a large number of
parallel connections and parallel message calls. A local attacker could use
this issue to cause DBus to consume resources, possibly resulting in a
denial of service. (CVE-2014-3638)

Alban Crequy discovered that DBus incorrectly handled incomplete
connections. A local attacker could use this issue to cause DBus to fail
legitimate connection attempts, resulting in a denial of service.
(CVE-2014-3639)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchdbus< 1.6.18-0ubuntu4.2UNKNOWN
Ubuntu14.04noarchdbus-1-dbg< 1.6.18-0ubuntu4.2UNKNOWN
Ubuntu14.04noarchdbus-x11< 1.6.18-0ubuntu4.2UNKNOWN
Ubuntu14.04noarchlibdbus-1-3< 1.6.18-0ubuntu4.2UNKNOWN
Ubuntu14.04noarchlibdbus-1-dev< 1.6.18-0ubuntu4.2UNKNOWN
Ubuntu12.04noarchdbus< 1.4.18-1ubuntu1.6UNKNOWN
Ubuntu12.04noarchdbus-1-dbg< 1.4.18-1ubuntu1.6UNKNOWN
Ubuntu12.04noarchdbus-x11< 1.4.18-1ubuntu1.6UNKNOWN
Ubuntu12.04noarchlibdbus-1-3< 1.4.18-1ubuntu1.6UNKNOWN
Ubuntu12.04noarchlibdbus-1-dev< 1.4.18-1ubuntu1.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	dbus	< 1.6.18-0ubuntu4.2	UNKNOWN
Ubuntu	14.04	noarch	dbus-1-dbg	< 1.6.18-0ubuntu4.2	UNKNOWN
Ubuntu	14.04	noarch	dbus-x11	< 1.6.18-0ubuntu4.2	UNKNOWN
Ubuntu	14.04	noarch	libdbus-1-3	< 1.6.18-0ubuntu4.2	UNKNOWN
Ubuntu	14.04	noarch	libdbus-1-dev	< 1.6.18-0ubuntu4.2	UNKNOWN
Ubuntu	12.04	noarch	dbus	< 1.4.18-1ubuntu1.6	UNKNOWN
Ubuntu	12.04	noarch	dbus-1-dbg	< 1.4.18-1ubuntu1.6	UNKNOWN
Ubuntu	12.04	noarch	dbus-x11	< 1.4.18-1ubuntu1.6	UNKNOWN
Ubuntu	12.04	noarch	libdbus-1-3	< 1.4.18-1ubuntu1.6	UNKNOWN
Ubuntu	12.04	noarch	libdbus-1-dev	< 1.4.18-1ubuntu1.6	UNKNOWN