RSS   Podatności dla 'DBUS'   RSS

2020-06-08
 
CVE-2020-12049

CWE-404
 

 
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

 
2013-07-03
 
CVE-2013-2168

CWE-20
 

 
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

 
2011-06-22
 
CVE-2011-2533

 

 
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

 
 
CVE-2011-2200

 

 
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

 
2010-12-30
 
CVE-2010-4352

 

 
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.

 
2009-04-27
 
CVE-2009-1189

CWE-20
 

 
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

 
2008-12-09
 
CVE-2008-4311

CWE-16
 

 
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

 
2008-10-07
 
CVE-2008-3834

 

 
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

 

 >>> Vendor: Freedesktop 23 Produkty
Poppler
Xdg-utils
Policykit
DBUS
Dbus1.0
Dbus1.1.0
Scratchbox2
Udisks
Dbus-glib
Telepathy gabble
Colord
Systemd
Accountsservice
Libdbus
Spice-gtk
Polkit
Libbsd
Virglrenderer
Libpoppler
Libice
Gst-plugins-bad
Libinput
Freetype demo programs


Copyright 2024, cxsecurity.com

 

Back to Top