PT-2017-6153 · Freesmartphone.Org+1 · Framework.Git+10
Published
2017-09-25
·
Updated
2017-10-11
·
CVE-2014-8156
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
fso-gsmd versions 0.12.0-3
fso-frameworkd versions 0.9.5.9+git20110512-4
fso-usaged versions 0.12.0-2
fsoaudiod (affected versions not specified)
fsodatad (affected versions not specified)
fsodeviced (affected versions not specified)
fsogsmd (affected versions not specified)
fsonetworkd (affected versions not specified)
fsotdld (affected versions not specified)
fsousaged (affected versions not specified)
framework.git versions 0.10.1
phonefsod versions 0.1+git20121018-1
Description:
The D-Bus security policy files do not properly filter D-Bus message paths, which might allow local users to cause a denial of service or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.
Recommendations:
For fso-gsmd version 0.12.0-3, update the D-Bus security policy files to properly filter D-Bus message paths.
For fso-frameworkd version 0.9.5.9+git20110512-4, update the D-Bus security policy files to properly filter D-Bus message paths.
For fso-usaged version 0.12.0-2, update the D-Bus security policy files to properly filter D-Bus message paths.
For fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, and fsousaged, update the D-Bus security policy files to properly filter D-Bus message paths.
For framework.git version 0.10.1, update the D-Bus security policy files to properly filter D-Bus message paths.
For phonefsod version 0.1+git20121018-1, update the D-Bus security policy files to properly filter D-Bus message paths.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Bus
Framework.Git
Fso-Frameworkd
Fsogsmd
Fsousaged
Fsoaudiod
Fsodatad
Fsodeviced
Fsonetworkd
Fsotdld
Phonefsod