Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0245

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2015-0245
Last Modified 14 Apr 2015 10:02:10
Published 13 Feb 2015 10:59:08
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0245

Summary

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • D-bus Project D-bus 1.4.0

  • D-bus Project D-bus 1.4.1

  • D-bus Project D-bus 1.4.10

  • D-bus Project D-bus 1.4.12

  • D-bus Project D-bus 1.4.14

  • D-bus Project D-bus 1.4.16

  • D-bus Project D-bus 1.4.18

  • D-bus Project D-bus 1.4.20

  • D-bus Project D-bus 1.4.24

  • D-bus Project D-bus 1.4.26

  • D-bus Project D-bus 1.4.4

  • D-bus Project D-bus 1.4.6

  • D-bus Project D-bus 1.4.8

  • D-bus Project D-bus 1.5.0

  • D-bus Project D-bus 1.5.10

  • D-bus Project D-bus 1.5.12

  • D-bus Project D-bus 1.5.2

  • D-bus Project D-bus 1.5.4

  • D-bus Project D-bus 1.5.6

  • D-bus Project D-bus 1.5.8

  • D-bus Project D-bus 1.6.0

  • D-bus Project D-bus 1.6.10

  • D-bus Project D-bus 1.6.12

  • D-bus Project D-bus 1.6.14

  • D-bus Project D-bus 1.6.16

  • D-bus Project D-bus 1.6.18

  • D-bus Project D-bus 1.6.2

  • D-bus Project D-bus 1.6.20

  • D-bus Project D-bus 1.6.22

  • D-bus Project D-bus 1.6.24

  • D-bus Project D-bus 1.6.26

  • D-bus Project D-bus 1.6.28

  • D-bus Project D-bus 1.6.4

  • D-bus Project D-bus 1.6.6

  • D-bus Project D-bus 1.6.8

  • D-bus Project D-bus 1.8.0

  • D-bus Project D-bus 1.8.10

  • D-bus Project D-bus 1.8.12

  • D-bus Project D-bus 1.8.14

  • D-bus Project D-bus 1.8.2

  • D-bus Project D-bus 1.8.4

  • D-bus Project D-bus 1.8.6

  • D-bus Project D-bus 1.8.8

  • D-bus Project D-bus 1.9.0

  • D-bus Project D-bus 1.9.2

  • D-bus Project D-bus 1.9.4

  • D-bus Project D-bus 1.9.6

  • D-bus Project D-bus 1.9.8


References

MLIST - [oss-security] 20150209 CVE-2015-0245: denial of service in dbus >= 1.4 systemd activation

DEBIAN - DSA-3161

SUSE - openSUSE-SU-2015:0300

MANDRIVA - MDVSA-2015:176

CONFIRM - http://advisories.mageia.org/MGASA-2015-0071.html


Last Updated: 27 May 2016 11:07:50