what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2014-214

Mandriva Linux Security Advisory 2014-214
Posted Nov 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-214 - Alban Crequy and Simon McVittie discovered several vulnerabilities On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution.

tags | advisory, arbitrary, local, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824
SHA-256 | f18c3638c62248de6d67a047b0c027faf904613ac8a45ce27c1d8bbe02610f6b

Mandriva Linux Security Advisory 2014-214

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:214
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dbus
Date : November 18, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated dbus packages fixes the following security issues:

Alban Crequy and Simon McVittie discovered several vulnerabilities
in the D-Bus message daemon:

On 64-bit platforms, file descriptor passing could be abused by local
users to cause heap corruption in dbus-daemon, leading to a crash,
or potentially to arbitrary code execution (CVE-2014-3635).

A denial-of-service vulnerability in dbus-daemon allowed local
attackers to prevent new connections to dbus-daemon, or disconnect
existing clients, by exhausting descriptor limits (CVE-2014-3636).

Malicious local users could create D-Bus connections to dbus-daemon
which could not be terminated by killing the participating processes,
resulting in a denial-of-service vulnerability (CVE-2014-3637).

dbus-daemon suffered from a denial-of-service vulnerability in the
code which tracks which messages expect a reply, allowing local
attackers to reduce the performance of dbus-daemon (CVE-2014-3638).

dbus-daemon did not properly reject malicious connections from local
users, resulting in a denial-of-service vulnerability (CVE-2014-3639).

The patch issued by the D-Bus maintainers for CVE-2014-3636 was
based on incorrect reasoning, and does not fully prevent the attack
described as CVE-2014-3636 part A, which is repeated below. Preventing
that attack requires raising the system dbus-daemon's RLIMIT_NOFILE
(ulimit -n) to a higher value.

By queuing up the maximum allowed number of fds, a malicious sender
could reach the system dbus-daemon's RLIMIT_NOFILE (ulimit -n,
typically 1024 on Linux). This would act as a denial of service in
two ways:

* new clients would be unable to connect to the dbus-daemon
* when receiving a subsequent message from a non-malicious client
that contained a fd, dbus-daemon would receive the MSG_CTRUNC flag,
indicating that the list of fds was truncated; kernel fd-passing APIs
do not provide any way to recover from that, so dbus-daemon responds
to MSG_CTRUNC by disconnecting the sender, causing denial of service
to that sender.

This update also resolves the CVE-2014-7824 security vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7824
http://advisories.mageia.org/MGASA-2014-0395.html
http://advisories.mageia.org/MGASA-2014-0457.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
4baf3a4a62888fd38df305801d830866 mbs1/x86_64/dbus-1.4.16-7.5.mbs1.x86_64.rpm
8f564fedf6130d7efb4366961997f5a3 mbs1/x86_64/dbus-doc-1.4.16-7.5.mbs1.x86_64.rpm
2c8649da902067e15e6beab1c7e88c03 mbs1/x86_64/dbus-x11-1.4.16-7.5.mbs1.x86_64.rpm
3c692ce18b78e8e78fe584153f4d4213 mbs1/x86_64/lib64dbus-1_3-1.4.16-7.5.mbs1.x86_64.rpm
e8a63a7374bc712eab162411385f6cff mbs1/x86_64/lib64dbus-1-devel-1.4.16-7.5.mbs1.x86_64.rpm
d4d7bf9935b24ebb1b64a136b6c6acfd mbs1/SRPMS/dbus-1.4.16-7.5.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUa3pVmqjQ0CJFipgRAnimAJsFF29nh6943eHC8nkUppH1WOfbqgCfb6IC
tDxSi3Oy0p/WZBhGGur+bf8=
=g133
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close