lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YcVho-0005OU-QY@titan.mandriva.com>
Date: Mon, 30 Mar 2015 11:10:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:176 ] dbus

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:176
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : dbus
 Date    : March 30, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated dbus packages fix multiple vulnerabilities:
 
 A denial of service vulnerability in D-Bus before 1.6.20 allows a
 local attacker to cause a bus-activated service that is not currently
 running to attempt to start, and fail, denying other users access to
 this service Additionally, in highly unusual environments the same
 flaw could lead to a side channel between processes that should not
 be able to communicate (CVE-2014-3477).
 
 A flaw was reported in D-Bus&#039;s file descriptor passing feature. A
 local attacker could use this flaw to cause a service or application
 to disconnect from the bus, typically resulting in that service or
 application exiting (CVE-2014-3532).
 
 A flaw was reported in D-Bus&#039;s file descriptor passing feature. A local
 attacker could use this flaw to cause an invalid file descriptor to be
 forwarded to a service or application, causing it to disconnect from
 the bus, typically resulting in that service or application exiting
 (CVE-2014-3533).
 
 On 64-bit platforms, file descriptor passing could be abused by local
 users to cause heap corruption in dbus-daemon, leading to a crash,
 or potentially to arbitrary code execution (CVE-2014-3635).
 
 A denial-of-service vulnerability in dbus-daemon allowed local
 attackers to prevent new connections to dbus-daemon, or disconnect
 existing clients, by exhausting descriptor limits (CVE-2014-3636).
 
 Malicious local users could create D-Bus connections to dbus-daemon
 which could not be terminated by killing the participating processes,
 resulting in a denial-of-service vulnerability (CVE-2014-3637).
 
 dbus-daemon suffered from a denial-of-service vulnerability in the
 code which tracks which messages expect a reply, allowing local
 attackers to reduce the performance of dbus-daemon (CVE-2014-3638).
 
 dbus-daemon did not properly reject malicious connections from local
 users, resulting in a denial-of-service vulnerability (CVE-2014-3639).
 
 The patch issued by the D-Bus maintainers for CVE-2014-3636 was
 based on incorrect reasoning, and does not fully prevent the attack
 described as CVE-2014-3636 part A, which is repeated below. Preventing
 that attack requires raising the system dbus-daemon&#039;s RLIMIT_NOFILE
 (ulimit -n) to a higher value.
 
 By queuing up the maximum allowed number of fds, a malicious sender
 could reach the system dbus-daemon&#039;s RLIMIT_NOFILE (ulimit -n,
 typically 1024 on Linux). This would act as a denial of service in
 two ways:
 
  * new clients would be unable to connect to the dbus-daemon
 
  * when receiving a subsequent message from a non-malicious client
  that contained a fd, dbus-daemon would receive the MSG_CTRUNC flag,
  indicating that the list of fds was truncated; kernel fd-passing
  APIs do not provide any way to recover from that, so dbus-daemon
  responds to MSG_CTRUNC by disconnecting the sender, causing denial
  of service to that sender.
 
 This update resolves the issue (CVE-2014-7824).
 
 non-systemd processes can make dbus-daemon think systemd failed to
 activate a system service, resulting in an error reply back to the
 requester, causing a local denial of service (CVE-2015-0245).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7824
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245
 http://advisories.mageia.org/MGASA-2014-0266.html
 http://advisories.mageia.org/MGASA-2014-0294.html
 http://advisories.mageia.org/MGASA-2014-0395.html
 http://advisories.mageia.org/MGASA-2014-0457.html
 http://advisories.mageia.org/MGASA-2015-0071.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 4c85ec34d47fb953f2433bf88fce54a2  mbs2/x86_64/dbus-1.6.18-3.1.mbs2.x86_64.rpm
 403eb9b553300e5047e2ddc6ff5ec5eb  mbs2/x86_64/dbus-doc-1.6.18-3.1.mbs2.noarch.rpm
 c1ee9cbf21bf2950e84c2b9492f83115  mbs2/x86_64/dbus-x11-1.6.18-3.1.mbs2.x86_64.rpm
 ec6f98afb3cbe37c6e6fe1810cfdc661  mbs2/x86_64/lib64dbus1_3-1.6.18-3.1.mbs2.x86_64.rpm
 1e09c319aeef5f11776bdddf1122dc97  mbs2/x86_64/lib64dbus-devel-1.6.18-3.1.mbs2.x86_64.rpm 
 4e03062a15901014196d248d2ff03794  mbs2/SRPMS/dbus-1.6.18-3.1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGQT2mqjQ0CJFipgRAgO/AKCBAPOsYvHsjKwLt5sj544QLjj14wCcD+FE
MOoQRPbV7iRulHZ6WK9r7t0=
=rDgp
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ