Ubuntu Update For Dbus USN-2275-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. (CVE-2014-3477) Alban Crequy discovered that dbus-daemon incorrectly handled certain file descriptors. A local attacker could use this issue to cause services or clients to disconnect, resulting in a denial of service. (CVE-2014-3532, CVE-2014-3533)

Affected

dbus on Ubuntu 14.04 LTS , Ubuntu 13.10 , Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2014-3477, CVE-2014-3532, CVE-2014-3533

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for rhythmbox USN-1503-1
Ubuntu Update for amarok vulnerability USN-657-1
Ubuntu Update for puppet USN-1238-1
Ubuntu Update for apt USN-1662-1
Ubuntu Update for mysql-dfsg-5.0 vulnerability USN-440-1

Ubuntu Update for dbus USN-2275-1

Take action and discover your vulnerabilities