Debian Local Security Checks : Debian Security Advisory DSA 3161-1 (dbus

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.703161

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 3161-1 (dbus - security update)

Zusammenfassung: Simon McVittie discovered a local;denial of service flaw in dbus, an asynchronous inter-process communication;system. On systems with systemd-style service activation, dbus-daemon does not;prevent forged ActivationFailure messages from non-root processes. A malicious;local user could use this flaw to trick dbus-daemon into thinking that systemd;failed to activate a system service, resulting in an error reply back to;the requester.

Beschreibung: Summary:
Simon McVittie discovered a local
denial of service flaw in dbus, an asynchronous inter-process communication
system. On systems with systemd-style service activation, dbus-daemon does not
prevent forged ActivationFailure messages from non-root processes. A malicious
local user could use this flaw to trick dbus-daemon into thinking that systemd
failed to activate a system service, resulting in an error reply back to
the requester.

Affected Software/OS:
dbus on Debian Linux

Solution:
For the stable distribution (wheezy),
this problem has been fixed in version 1.6.8-1+deb7u6.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.16-1.

We recommend that you upgrade your dbus packages.

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-0245
Debian Security Information: DSA-3161 (Google Search)
http://www.debian.org/security/2015/dsa-3161
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.openwall.com/lists/oss-security/2015/02/09/6
SuSE Security Announcement: openSUSE-SU-2015:0300 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html

Copyright Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.703161
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 3161-1 (dbus - security update)
Zusammenfassung:	Simon McVittie discovered a local;denial of service flaw in dbus, an asynchronous inter-process communication;system. On systems with systemd-style service activation, dbus-daemon does not;prevent forged ActivationFailure messages from non-root processes. A malicious;local user could use this flaw to trick dbus-daemon into thinking that systemd;failed to activate a system service, resulting in an error reply back to;the requester.
Beschreibung:	Summary: Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester. Affected Software/OS: dbus on Debian Linux Solution: For the stable distribution (wheezy), this problem has been fixed in version 1.6.8-1+deb7u6. For the unstable distribution (sid), this problem has been fixed in version 1.8.16-1. We recommend that you upgrade your dbus packages. CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0245 Debian Security Information: DSA-3161 (Google Search) http://www.debian.org/security/2015/dsa-3161 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.openwall.com/lists/oss-security/2015/02/09/6 SuSE Security Announcement: openSUSE-SU-2015:0300 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html
Copyright	Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net