 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.841972 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-2352-1) |
| Summary: | The remote host is missing an update for the 'dbus' package(s) announced via the USN-2352-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'dbus' package(s) announced via the USN-2352-1 advisory. Vulnerability Insight: Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3635) Alban Crequy discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3636) Alban Crequy discovered that DBus incorrectly handled certain file descriptor messages. A local attacker could use this issue to cause DBus to maintain persistent connections, possibly resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3637) Alban Crequy discovered that DBus incorrectly handled a large number of parallel connections and parallel message calls. A local attacker could use this issue to cause DBus to consume resources, possibly resulting in a denial of service. (CVE-2014-3638) Alban Crequy discovered that DBus incorrectly handled incomplete connections. A local attacker could use this issue to cause DBus to fail legitimate connection attempts, resulting in a denial of service. (CVE-2014-3639) Affected Software/OS: 'dbus' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3635 1030864 http://www.securitytracker.com/id/1030864 61378 http://secunia.com/advisories/61378 DSA-3026 http://www.debian.org/security/2014/dsa-3026 MDVSA-2015:176 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 USN-2352-1 http://www.ubuntu.com/usn/USN-2352-1 [oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8 http://www.openwall.com/lists/oss-security/2014/09/16/9 http://advisories.mageia.org/MGASA-2014-0395.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugs.freedesktop.org/show_bug.cgi?id=83622 openSUSE-SU-2014:1239 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3636 https://bugs.freedesktop.org/show_bug.cgi?id=82820 Common Vulnerability Exposure (CVE) ID: CVE-2014-3637 [oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz http://www.openwall.com/lists/oss-security/2019/06/24/13 http://www.openwall.com/lists/oss-security/2019/06/24/14 https://bugs.freedesktop.org/show_bug.cgi?id=80559 Common Vulnerability Exposure (CVE) ID: CVE-2014-3638 61431 http://secunia.com/advisories/61431 SUSE-SU-2014:1146 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html https://bugs.freedesktop.org/show_bug.cgi?id=81053 Common Vulnerability Exposure (CVE) ID: CVE-2014-3639 https://bugs.freedesktop.org/show_bug.cgi?id=80919 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |