CVE-2013-2168

Name of the Vulnerable Software and Affected Versions D-Bus versions 1.4.x through 1.4.25 D-Bus versions 1.6.x through 1.6.11 D-Bus versions 1.7.x through 1.7.3

Description The issue allows local users to cause a denial of service via a crafted message, potentially disrupting the availability of protected information. This can be achieved by exploiting the dbus printf string upper bound function in dbus/dbus-sysdeps-unix.c. The exploitation can be carried out locally.

Recommendations For D-Bus versions 1.4.x through 1.4.25, update to version 1.4.26 or later. For D-Bus versions 1.6.x through 1.6.11, update to version 1.6.12 or later. For D-Bus versions 1.7.x through 1.7.3, update to version 1.7.4 or later. As a temporary workaround, consider restricting access to the dbus printf string upper bound function in dbus/dbus-sysdeps-unix.c to minimize the risk of exploitation.