 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2014.0395 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2014-0395) |
| Resumen: | The remote host is missing an update for the 'dbus' package(s) announced via the MGASA-2014-0395 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'dbus' package(s) announced via the MGASA-2014-0395 advisory. Vulnerability Insight: Updated dbus packages fixes the following security issues: Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon: On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution (CVE-2014-3635). A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits (CVE-2014-3636). Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability (CVE-2014-3637). dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon (CVE-2014-3638). dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability (CVE-2014-3639). Affected Software/OS: 'dbus' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3635 1030864 http://www.securitytracker.com/id/1030864 61378 http://secunia.com/advisories/61378 DSA-3026 http://www.debian.org/security/2014/dsa-3026 MDVSA-2015:176 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 USN-2352-1 http://www.ubuntu.com/usn/USN-2352-1 [oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8 http://www.openwall.com/lists/oss-security/2014/09/16/9 http://advisories.mageia.org/MGASA-2014-0395.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugs.freedesktop.org/show_bug.cgi?id=83622 openSUSE-SU-2014:1239 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3636 https://bugs.freedesktop.org/show_bug.cgi?id=82820 Common Vulnerability Exposure (CVE) ID: CVE-2014-3637 [oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz http://www.openwall.com/lists/oss-security/2019/06/24/13 http://www.openwall.com/lists/oss-security/2019/06/24/14 https://bugs.freedesktop.org/show_bug.cgi?id=80559 Common Vulnerability Exposure (CVE) ID: CVE-2014-3638 61431 http://secunia.com/advisories/61431 SUSE-SU-2014:1146 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html https://bugs.freedesktop.org/show_bug.cgi?id=81053 Common Vulnerability Exposure (CVE) ID: CVE-2014-3639 https://bugs.freedesktop.org/show_bug.cgi?id=80919 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |