PT-2013-1062 · Freedesktop.Org · D-Bus

Published: 2013-06-18 · Updated: 2024-06-15 · CVE-2013-2168

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

D-Bus versions 1.4.x through 1.4.25
D-Bus versions 1.6.x through 1.6.11
D-Bus versions 1.7.x through 1.7.3

Description

The issue allows local users to cause a denial of service via a crafted message, potentially disrupting the availability of protected information. It is triggered through the _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c and can be exploited only locally.

Recommendations

For D-Bus versions 1.4.x through 1.4.25, update to version 1.4.26 or later.
For D-Bus versions 1.6.x through 1.6.11, update to version 1.6.12 or later.
For D-Bus versions 1.7.x through 1.7.3, update to version 1.7.4 or later.

As a temporary workaround, consider restricting access to the _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2015-01741
BDU:2015-09737
CVE-2013-2168
DSA-2707-1
MGASA-2013-0173
OPENSUSE-SU-2024:10517-1

Affected Products

D-Bus