This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
Several vulnerabilities have been discovered in dbus, an asynchronous
inter-process communication system. The Common Vulnerabilities and
Exposures project identifies the following problems :
Alban Crequy at Collabora Ltd. discovered that
dbus-daemon sends an AccessDenied error to the service
instead of a client when the client is prohibited from
accessing the service. A local attacker could use this
flaw to cause a bus-activated service that is not
currently running to attempt to start, and fail, denying
other users access to this service.
Alban Crequy at Collabora Ltd. discovered a bug in
dbus-daemon's support for file descriptor passing. A
malicious process could force system services or user
applications to be disconnected from the D-Bus system by
sending them a message containing a file descriptor,
leading to a denial of service.
Alban Crequy at Collabora Ltd. and Alejandro MartÃnez
SuÃ¡rez discovered that a malicious process could force
services to be disconnected from the D-Bus system by
causing dbus-daemon to attempt to forward invalid file
descriptors to a victim process, leading to a denial of
See also :
Upgrade the dbus packages.
For the stable distribution (wheezy), these problems have been fixed
in version 1.6.8-1+deb7u3.
Risk factor :
Low / CVSS Base Score : 2.1
CVSS Temporal Score : 1.8
Public Exploit Available : false
Family: Debian Local Security Checks
Nessus Plugin ID: 76349 ()
Bugtraq ID: 679866833768339
CVE ID: CVE-2014-3477CVE-2014-3532CVE-2014-3533
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.