Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : dbus vulnerabilities (USN-3116-1)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

It was discovered that DBus incorrectly validated the source of
ActivationFailure signals. A local attacker could use this issue to
cause a denial of service. This issue only applied to Ubuntu 12.04 LTS
and Ubuntu 14.04 LTS. (CVE-2015-0245)

It was discovered that DBus incorrectly handled certain format
strings. A local attacker could use this issue to cause a denial of
service, or possibly execute arbitrary code. This issue is only
exposed to unprivileged users when the fix for CVE-2015-0245 is not
applied, hence this issue is only likely to affect Ubuntu 12.04 LTS
and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been
updated as a preventative measure in the event that a new attack
vector for this issue is discovered. (No CVE number).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected dbus and / or libdbus-1-3 packages.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 94465 ()

Bugtraq ID:

CVE ID: CVE-2015-0245

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now