From 66c747aa5c06333087954f1c3f6a161b6b5f066c Mon Sep 17 00:00:00 2001 From: Koop Mast Date: Thu, 3 Jul 2014 14:57:40 +0000 Subject: [PATCH] Document more dbus vulnabilities. --- security/vuxml/vuln.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d15cb799e0c7..cea0dc6a64eb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,47 @@ Notes: --> + + dbus -- multiple vulnabilities + + + dbus + 1.8.6 + + + + +

Simon McVittie reports:

+
+

Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's + support for file descriptor passing. A malicious process could + force system services or user applications to be disconnected + from the D-Bus system bus by sending them a message containing + a file descriptor, then causing that file descriptor to exceed + the kernel's maximum recursion depth (itself introduced to fix + a DoS) before dbus-daemon forwards the message to the victim + process. Most services and applications exit when disconnected + from the system bus, leading to a denial of service.

+

Additionally, Alban discovered that bug fd.o#79694, a bug + previously reported by Alejandro Martínez Suárez which was n + believed to be security flaw, could be used for a similar denial + of service, by causing dbus-daemon to attempt to forward invalid + file descriptors to a victim process when file descriptors become + associated with the wrong message.

+
+ +
+ + CVE-2014-3532 + CVE-2014-3533 + http://lists.freedesktop.org/archives/dbus/2014-July/016235.html + + + 2014-07-02 + 2014-07-03 + +
+ mencoder -- potential buffer overrun when processing malicious lzo compressed input
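Review bot: the topic line of the new entry, "dbus -- multiple vulnabilities", and the commit subject both misspell "vulnerabilities"; since the topic is what `pkg audit` prints to users, it should read "dbus -- multiple vulnerabilities" before this lands. In the second paragraph of the body, "which was n believed to be security flaw" looks like a truncated copy of the upstream advisory text and should presumably be "which was not believed to be a security flaw"; please check it against the linked announcement so the entry does not invert the meaning. That paragraph also refers to bug fd.o#79694, but the references block only carries the two CVE ids and the mailing-list post, so adding the freedesktop bug tracker link as a further reference would let readers follow the second issue directly. Finally, please double-check that the affected range really means every release below 1.8.6 and not 1.8.6 itself, since the fixed version is the only version value visible in the range.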