Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester. For the stable distribution (wheezy), this problem has been fixed in version 1.6.8-1+deb7u6. For the unstable distribution (sid), this problem has been fixed in version 1.8.16-1. We recommend that you upgrade your dbus packages.
Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester.
For the stable distribution (wheezy), this problem has been fixed in version 1.6.8-1+deb7u6.
For the unstable distribution (sid), this problem has been fixed in version 1.8.16-1.
We recommend that you upgrade your dbus packages.
Vulmon