 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2014.0395 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2014-0395) |
| Zusammenfassung: | The remote host is missing an update for the 'dbus' package(s) announced via the MGASA-2014-0395 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'dbus' package(s) announced via the MGASA-2014-0395 advisory. Vulnerability Insight: Updated dbus packages fixes the following security issues: Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon: On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution (CVE-2014-3635). A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits (CVE-2014-3636). Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability (CVE-2014-3637). dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon (CVE-2014-3638). dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability (CVE-2014-3639). Affected Software/OS: 'dbus' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3635 1030864 http://www.securitytracker.com/id/1030864 61378 http://secunia.com/advisories/61378 DSA-3026 http://www.debian.org/security/2014/dsa-3026 MDVSA-2015:176 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 USN-2352-1 http://www.ubuntu.com/usn/USN-2352-1 [oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8 http://www.openwall.com/lists/oss-security/2014/09/16/9 http://advisories.mageia.org/MGASA-2014-0395.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugs.freedesktop.org/show_bug.cgi?id=83622 openSUSE-SU-2014:1239 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3636 https://bugs.freedesktop.org/show_bug.cgi?id=82820 Common Vulnerability Exposure (CVE) ID: CVE-2014-3637 [oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz http://www.openwall.com/lists/oss-security/2019/06/24/13 http://www.openwall.com/lists/oss-security/2019/06/24/14 https://bugs.freedesktop.org/show_bug.cgi?id=80559 Common Vulnerability Exposure (CVE) ID: CVE-2014-3638 61431 http://secunia.com/advisories/61431 SUSE-SU-2014:1146 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html https://bugs.freedesktop.org/show_bug.cgi?id=81053 Common Vulnerability Exposure (CVE) ID: CVE-2014-3639 https://bugs.freedesktop.org/show_bug.cgi?id=80919 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |