Main Vulnerability Database SB2023072121

SB2023072121 - SUSE update for dbus-1

Published: July 21, 2023

Security Bulletin ID SB2023072121

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20232879-1/

Vulnerable Software

SUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Real Time 15: SP3
SUSE Manager Retail Branch Server: 4.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
dbus-1-devel: before 1.12.2-150100.8.17.1
dbus-1-x11: before 1.12.2-150100.8.17.1
libdbus-1-3: before 1.12.2-150100.8.17.1
dbus-1-x11-debuginfo: before 1.12.2-150100.8.17.1
dbus-1: before 1.12.2-150100.8.17.1
dbus-1-debuginfo: before 1.12.2-150100.8.17.1
dbus-1-32bit-debuginfo: before 1.12.2-150100.8.17.1
libdbus-1-3-32bit-debuginfo: before 1.12.2-150100.8.17.1
libdbus-1-3-32bit: before 1.12.2-150100.8.17.1
dbus-1-x11-debugsource: before 1.12.2-150100.8.17.1
libdbus-1-3-debuginfo: before 1.12.2-150100.8.17.1
dbus-1-debugsource: before 1.12.2-150100.8.17.1