SB2014070707 - Input validation error in dbus (Alpine package)
Published: July 7, 2014
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2014-3532)
The vulnerability allows a local unauthenticated attacker to cause a denial of service.
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=4e5e63df910cb96a0b785a70b1bb7f1c19c6d37b
- https://git.alpinelinux.org/aports/commit/?id=a43405afb7de0724dcd016bbd586c634e6b9c8f0
- https://git.alpinelinux.org/aports/commit/?id=968233f148132175322ec689fa706fd3a31d6baa
- https://git.alpinelinux.org/aports/commit/?id=c772d04e6bb1acd9ad94080ba10cd727008d5e00