exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2015-176

Mandriva Linux Security Advisory 2015-176
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-176 - Updated dbus packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3477, CVE-2014-3532, CVE-2014-3533, CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824, CVE-2015-0245
SHA-256 | 4be93103f6f354ef453a2dc02b3ccf964ab78327305a7f7671ec1fe2b6855df4

Mandriva Linux Security Advisory 2015-176

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:176
https://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dbus
Date : March 30, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated dbus packages fix multiple vulnerabilities:

A denial of service vulnerability in D-Bus before 1.6.20 allows a
local attacker to cause a bus-activated service that is not currently
running to attempt to start, and fail, denying other users access to
this service Additionally, in highly unusual environments the same
flaw could lead to a side channel between processes that should not
be able to communicate (CVE-2014-3477).

A flaw was reported in D-Bus's file descriptor passing feature. A
local attacker could use this flaw to cause a service or application
to disconnect from the bus, typically resulting in that service or
application exiting (CVE-2014-3532).

A flaw was reported in D-Bus's file descriptor passing feature. A local
attacker could use this flaw to cause an invalid file descriptor to be
forwarded to a service or application, causing it to disconnect from
the bus, typically resulting in that service or application exiting
(CVE-2014-3533).

On 64-bit platforms, file descriptor passing could be abused by local
users to cause heap corruption in dbus-daemon, leading to a crash,
or potentially to arbitrary code execution (CVE-2014-3635).

A denial-of-service vulnerability in dbus-daemon allowed local
attackers to prevent new connections to dbus-daemon, or disconnect
existing clients, by exhausting descriptor limits (CVE-2014-3636).

Malicious local users could create D-Bus connections to dbus-daemon
which could not be terminated by killing the participating processes,
resulting in a denial-of-service vulnerability (CVE-2014-3637).

dbus-daemon suffered from a denial-of-service vulnerability in the
code which tracks which messages expect a reply, allowing local
attackers to reduce the performance of dbus-daemon (CVE-2014-3638).

dbus-daemon did not properly reject malicious connections from local
users, resulting in a denial-of-service vulnerability (CVE-2014-3639).

The patch issued by the D-Bus maintainers for CVE-2014-3636 was
based on incorrect reasoning, and does not fully prevent the attack
described as CVE-2014-3636 part A, which is repeated below. Preventing
that attack requires raising the system dbus-daemon's RLIMIT_NOFILE
(ulimit -n) to a higher value.

By queuing up the maximum allowed number of fds, a malicious sender
could reach the system dbus-daemon's RLIMIT_NOFILE (ulimit -n,
typically 1024 on Linux). This would act as a denial of service in
two ways:

* new clients would be unable to connect to the dbus-daemon

* when receiving a subsequent message from a non-malicious client
that contained a fd, dbus-daemon would receive the MSG_CTRUNC flag,
indicating that the list of fds was truncated; kernel fd-passing
APIs do not provide any way to recover from that, so dbus-daemon
responds to MSG_CTRUNC by disconnecting the sender, causing denial
of service to that sender.

This update resolves the issue (CVE-2014-7824).

non-systemd processes can make dbus-daemon think systemd failed to
activate a system service, resulting in an error reply back to the
requester, causing a local denial of service (CVE-2015-0245).
_______________________________________________________________________

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245
https://advisories.mageia.org/MGASA-2014-0266.html
https://advisories.mageia.org/MGASA-2014-0294.html
https://advisories.mageia.org/MGASA-2014-0395.html
https://advisories.mageia.org/MGASA-2014-0457.html
https://advisories.mageia.org/MGASA-2015-0071.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
4c85ec34d47fb953f2433bf88fce54a2 mbs2/x86_64/dbus-1.6.18-3.1.mbs2.x86_64.rpm
403eb9b553300e5047e2ddc6ff5ec5eb mbs2/x86_64/dbus-doc-1.6.18-3.1.mbs2.noarch.rpm
c1ee9cbf21bf2950e84c2b9492f83115 mbs2/x86_64/dbus-x11-1.6.18-3.1.mbs2.x86_64.rpm
ec6f98afb3cbe37c6e6fe1810cfdc661 mbs2/x86_64/lib64dbus1_3-1.6.18-3.1.mbs2.x86_64.rpm
1e09c319aeef5f11776bdddf1122dc97 mbs2/x86_64/lib64dbus-devel-1.6.18-3.1.mbs2.x86_64.rpm
4e03062a15901014196d248d2ff03794 mbs2/SRPMS/dbus-1.6.18-3.1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

https://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGQT2mqjQ0CJFipgRAgO/AKCBAPOsYvHsjKwLt5sj544QLjj14wCcD+FE
MOoQRPbV7iRulHZ6WK9r7t0=
=rDgp
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close