 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.703026 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-3026-1) |
| Summary: | The remote host is missing an update for the Debian 'dbus' package(s) announced via the DSA-3026-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'dbus' package(s) announced via the DSA-3026-1 advisory. Vulnerability Insight: Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon. CVE-2014-3635 On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution. CVE-2014-3636 A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits. CVE-2014-3637 Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability. CVE-2014-3638 dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon. CVE-2014-3639 dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability. For the stable distribution (wheezy), these problems have been fixed in version 1.6.8-1+deb7u4. For the unstable distribution (sid), these problems have been fixed in version 1.8.8-1. We recommend that you upgrade your dbus packages. Affected Software/OS: 'dbus' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3635 1030864 http://www.securitytracker.com/id/1030864 61378 http://secunia.com/advisories/61378 DSA-3026 http://www.debian.org/security/2014/dsa-3026 MDVSA-2015:176 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 USN-2352-1 http://www.ubuntu.com/usn/USN-2352-1 [oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8 http://www.openwall.com/lists/oss-security/2014/09/16/9 http://advisories.mageia.org/MGASA-2014-0395.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugs.freedesktop.org/show_bug.cgi?id=83622 openSUSE-SU-2014:1239 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3636 https://bugs.freedesktop.org/show_bug.cgi?id=82820 Common Vulnerability Exposure (CVE) ID: CVE-2014-3637 [oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz http://www.openwall.com/lists/oss-security/2019/06/24/13 http://www.openwall.com/lists/oss-security/2019/06/24/14 https://bugs.freedesktop.org/show_bug.cgi?id=80559 Common Vulnerability Exposure (CVE) ID: CVE-2014-3638 61431 http://secunia.com/advisories/61431 SUSE-SU-2014:1146 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html https://bugs.freedesktop.org/show_bug.cgi?id=81053 Common Vulnerability Exposure (CVE) ID: CVE-2014-3639 https://bugs.freedesktop.org/show_bug.cgi?id=80919 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |