Detections
Analytics

Debian DSA-2707-1 : dbus - denial of service

low Nessus Plugin ID 66905

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash.

The oldstable distribution (squeeze) is not affected by this problem.

Solution

Upgrade the dbus packages.

For the stable distribution (wheezy), this problem has been fixed in version 1.6.8-1+deb7u1.

See Also

https://packages.debian.org/source/wheezy/dbus

https://www.debian.org/security/2013/dsa-2707

Plugin Details

Severity: Low

ID: 66905

File Name: debian_DSA-2707.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/17/2013

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:dbus, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 6/13/2013

Reference Information

CVE: CVE-2013-2168

DSA: 2707