SB2014070708 - Input validation error in dbus (Alpine package)
Published: July 7, 2014
Security Bulletin ID
SB2014070708
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2014-3533)
The vulnerability allows a local non-authenticated attacker to perform service disruption.
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=4e5e63df910cb96a0b785a70b1bb7f1c19c6d37b
- https://git.alpinelinux.org/aports/commit/?id=a43405afb7de0724dcd016bbd586c634e6b9c8f0
- https://git.alpinelinux.org/aports/commit/?id=968233f148132175322ec689fa706fd3a31d6baa
- https://git.alpinelinux.org/aports/commit/?id=c772d04e6bb1acd9ad94080ba10cd727008d5e00