Input validation error in dbus (Alpine package)



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2014-3533
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
 dbus (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU32520

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2014-3533

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform service disruption.

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

Mitigation

Install update from vendor's website.

Vulnerable software versions

dbus (Alpine package): 1.6.8-r0 - 1.6.16-r1

CPE2.3 External links

https://git.alpinelinux.org/aports/commit/?id=4e5e63df910cb96a0b785a70b1bb7f1c19c6d37b
https://git.alpinelinux.org/aports/commit/?id=a43405afb7de0724dcd016bbd586c634e6b9c8f0
https://git.alpinelinux.org/aports/commit/?id=968233f148132175322ec689fa706fd3a31d6baa
https://git.alpinelinux.org/aports/commit/?id=c772d04e6bb1acd9ad94080ba10cd727008d5e00


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###