[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2014:214 ] dbus

Hash: SHA1


 Mandriva Linux Security Advisory                         MDVSA-2014:214

 Package : dbus
 Date    : November 18, 2014
 Affected: Business Server 1.0

 Problem Description:

 Updated dbus packages fixes the following security issues:
 Alban Crequy and Simon McVittie discovered several vulnerabilities
 in the D-Bus message daemon:
 On 64-bit platforms, file descriptor passing could be abused by local
 users to cause heap corruption in dbus-daemon, leading to a crash,
 or potentially to arbitrary code execution (CVE-2014-3635).
 A denial-of-service vulnerability in dbus-daemon allowed local
 attackers to prevent new connections to dbus-daemon, or disconnect
 existing clients, by exhausting descriptor limits (CVE-2014-3636).
 Malicious local users could create D-Bus connections to dbus-daemon
 which could not be terminated by killing the participating processes,
 resulting in a denial-of-service vulnerability (CVE-2014-3637).
 dbus-daemon suffered from a denial-of-service vulnerability in the
 code which tracks which messages expect a reply, allowing local
 attackers to reduce the performance of dbus-daemon (CVE-2014-3638).
 dbus-daemon did not properly reject malicious connections from local
 users, resulting in a denial-of-service vulnerability (CVE-2014-3639).
 The patch issued by the D-Bus maintainers for CVE-2014-3636 was
 based on incorrect reasoning, and does not fully prevent the attack
 described as CVE-2014-3636 part A, which is repeated below. Preventing
 that attack requires raising the system dbus-daemon's RLIMIT_NOFILE
 (ulimit -n) to a higher value.
 By queuing up the maximum allowed number of fds, a malicious sender
 could reach the system dbus-daemon's RLIMIT_NOFILE (ulimit -n,
 typically 1024 on Linux). This would act as a denial of service in
 two ways:
 * new clients would be unable to connect to the dbus-daemon
 * when receiving a subsequent message from a non-malicious client
 that contained a fd, dbus-daemon would receive the MSG_CTRUNC flag,
 indicating that the list of fds was truncated; kernel fd-passing APIs
 do not provide any way to recover from that, so dbus-daemon responds
 to MSG_CTRUNC by disconnecting the sender, causing denial of service
 to that sender.
 This update also resolves the CVE-2014-7824 security vulnerability.



 Updated Packages:

 Mandriva Business Server 1/X86_64:
 4baf3a4a62888fd38df305801d830866  mbs1/x86_64/dbus-1.4.16-7.5.mbs1.x86_64.rpm
 8f564fedf6130d7efb4366961997f5a3  mbs1/x86_64/dbus-doc-1.4.16-7.5.mbs1.x86_64.rpm
 2c8649da902067e15e6beab1c7e88c03  mbs1/x86_64/dbus-x11-1.4.16-7.5.mbs1.x86_64.rpm
 3c692ce18b78e8e78fe584153f4d4213  mbs1/x86_64/lib64dbus-1_3-1.4.16-7.5.mbs1.x86_64.rpm
 e8a63a7374bc712eab162411385f6cff  mbs1/x86_64/lib64dbus-1-devel-1.4.16-7.5.mbs1.x86_64.rpm 
 d4d7bf9935b24ebb1b64a136b6c6acfd  mbs1/SRPMS/dbus-1.4.16-7.5.mbs1.src.rpm

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:


 If you want to report vulnerabilities, please contact


 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.12 (GNU/Linux)