EulerOS 2.0 SP1 : dbus (EulerOS-SA-2016-1037)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the dbus packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :

- D-BUS is a system for sending messages between
applications. It is used both for the system-wide
message bus service, and as a per-user-login-session
messaging facility.

- Security Fix(es)

- dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when
running on Linux 2.6.37-rc4 or later, allows local
users to cause a denial of service (system-bus
disconnect of other services or applications) by
sending a message containing a file descriptor, then
exceeding the maximum recursion depth before the
initial message is forwarded.(CVE-2014-3532)

- dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows
local users to cause a denial of service (disconnect)
via a certain sequence of crafted messages that cause
the dbus-daemon to forward a message containing an
invalid file descriptor.(CVE-2014-3533)

- D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before
1.8.16, and 1.9.x before 1.9.10 does not validate the
source of ActivationFailure signals, which allows local
users to cause a denial of service (activation failure
error returned) by leveraging a race condition
involving sending an ActivationFailure signal before
systemd responds.(CVE-2015-0245)

- D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x
before 1.8.8 allows local users to (1) cause a denial
of service (prevention of new connections and
connection drop) by queuing the maximum number of file
descriptors or (2) cause a denial of service
(disconnect) via multiple messages that combine to have
more than the allowed number of file descriptors for a
single sendmsg call.(CVE-2014-3636)

- The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x
before 1.6.20, and 1.8.x before 1.8.4, sends an
AccessDenied error to the service instead of a client
when the client is prohibited from accessing the
service, which allows local users to cause a denial of
service (initialization failure and exit) or possibly
conduct a side-channel attack via a D-Bus message to an
inactive service.(CVE-2014-3477)

- D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x
before 1.8.8 does not properly close connections for
processes that have terminated, which allows local
users to cause a denial of service via a D-bus message
containing a D-Bus connection file
descriptor.(CVE-2014-3637)

- Off-by-one error in D-Bus 1.3.0 through 1.6.x before
1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit
system and the max_message_unix_fds limit is set to an
odd number, allows local users to cause a denial of
service (dbus-daemon crash) or possibly execute
arbitrary code by sending one more file descriptor than
the limit, which triggers a heap-based buffer overflow
or an assertion failure.(CVE-2014-3635)

- The bus_connections_check_reply function in
config-parser.c in D-Bus before 1.6.24 and 1.8.x before
1.8.8 allows local users to cause a denial of service
(CPU consumption) via a large number of method
calls.(CVE-2014-3638)

- The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before
1.8.8 does not properly close old connections, which
allows local users to cause a denial of service
(incomplete connection consumption and prevention of
new connections) via a large number of incomplete
connections.(CVE-2014-3639)

- D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before
1.8.10, and 1.9.x before 1.9.2 allows local users to
cause a denial of service (prevention of new
connections and connection drop) by queuing the maximum
number of file descriptors. NOTE: this vulnerability
exists because of an incomplete fix for
CVE-2014-3636.1.(CVE-2014-7824)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?1b71aa3d

Solution :

Update the affected dbus packages.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now