PT-2013-1322 · Freedesktop.Org+3 · Systemd+4

Simon Mcvittie

Published

2013-07-07

Updated

2024-06-15

CVE-2015-0245

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions D-Bus versions 1.4.x through 1.6.x before 1.6.30 D-Bus versions 1.8.x before 1.8.16 D-Bus versions 1.9.x before 1.9.10

Description The issue is caused by synchronization errors when using a shared resource in the D-Bus interprocess communication system. Exploitation of this issue may allow an attacker to cause a denial of service due to the lack of functionality to check the source of the ActivationFailure signal. Local users can leverage a race condition involving sending an ActivationFailure signal before systemd responds, resulting in an activation failure error.

Recommendations For D-Bus versions 1.4.x through 1.6.x before 1.6.30, update to version 1.6.30 or later. For D-Bus versions 1.8.x before 1.8.16, update to version 1.8.16 or later. For D-Bus versions 1.9.x before 1.9.10, update to version 1.9.10 or later.

Fix

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2015-1176

BDU:2020-04521

CVE-2015-0245

DSA-3161-1

MGASA-2015-0071

OPENSUSE-SU-2024:10517-1

SUSE-SU-2015:0457-1

SUSE-SU-2015_0457-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-3116-1

Affected Products

Alt Linux

D-Bus

Suse

Ubuntu

Systemd

PT-2013-1322 · Freedesktop.Org+3 · Systemd+4

CVE-2015-0245

Weakness Enumeration

Related Identifiers

Affected Products

References · 52