Published: 08/06/2020 Updated: 12/06/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

An issue exists in dbus >= 1.3.0 prior to 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freedesktop dbus
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 19.10
canonical ubuntu linux 20.04
canonical ubuntu linux 12.04

DBus could be made to crash if it received specially crafted input ...

A flaw was found in dbus The implementation of DBUS_COOKIE_SHA1 is susceptible to a symbolic link attack A malicious client with write access to its own home directory could manipulate a ~/dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations resulting in an authentication bypass The highest threat from this vu ...

Synopsis Important: dbus security update Type/Severity Security Advisory: Important Topic An update for dbus is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...

Synopsis Important: dbus security update Type/Severity Security Advisory: Important Topic An update for dbus is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...

Synopsis Important: dbus security update Type/Severity Security Advisory: Important Topic An update for dbus is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...

Synopsis Important: dbus security update Type / Sévérité Security Advisory: Important Sujet An update for dbus is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...

Synopsis Moderate: Red Hat Quay v331 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Quay 33Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a ...

Synopsis Important: Container-native Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Securi ...

Synopsis Moderate: OpenShift Container Platform 4331 openshift-enterprise-hyperkube-container security update Type/Severity Security Advisory: Moderate Topic An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has ra ...

Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

An issue was discovered in dbus >= 130 before 11218 The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach it ...

CWE-404 http://www.openwall.com/lists/oss-security/2020/06/04/3 https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16 https://usn.ubuntu.com/4398-1/https://usn.ubuntu.com/4398-2/https://security.gentoo.org/glsa/202007-46 https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html https://nvd.nist.gov https://usn.ubuntu.com/4398-1/

Get Started

CVE-2020-12049

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect