PT-2013-1322 · Freedesktop.Org+3 · Systemd+4

Simon Mcvittie

Publicado

2013-07-07

Atualizado

2024-06-15

CVE-2015-0245

CVSS v2.0

1.9

Baixa

Vetor

AV:L/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions D-Bus versions 1.4.x through 1.6.x before 1.6.30 D-Bus versions 1.8.x before 1.8.16 D-Bus versions 1.9.x before 1.9.10

Description The issue is caused by synchronization errors when using a shared resource in the D-Bus interprocess communication system. Exploitation of this issue may allow an attacker to cause a denial of service due to the lack of functionality to check the source of the ActivationFailure signal. Local users can leverage a race condition involving sending an ActivationFailure signal before systemd responds, resulting in an activation failure error.

Recommendations For D-Bus versions 1.4.x through 1.6.x before 1.6.30, update to version 1.6.30 or later. For D-Bus versions 1.8.x before 1.8.16, update to version 1.8.16 or later. For D-Bus versions 1.9.x before 1.9.10, update to version 1.9.10 or later.

Correção

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2015-1176

BDU:2020-04521

CVE-2015-0245

DSA-3161-1

MGASA-2015-0071

OPENSUSE-SU-2024:10517-1

SUSE-SU-2015:0457-1

SUSE-SU-2015_0457-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-3116-1

Produtos afetados

Alt Linux

D-Bus

Suse

Ubuntu

Systemd

PT-2013-1322 · Freedesktop.Org+3 · Systemd+4

CVE-2015-0245

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52