Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-691.NASL
HistoryNov 20, 2014 - 12:00 a.m.

openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1454-1)

2014-11-2000:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

dbus-1 was updated to version 1.6.26 to fix one security issue and several other issues.

This security issue was fixed :

  • Increase dbus-daemon’s RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the system bus’ file descriptors (CVE-2014-7824).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-691.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79350);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-7824");

  script_name(english:"openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1454-1)");
  script_summary(english:"Check for the openSUSE-2014-691 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"dbus-1 was updated to version 1.6.26 to fix one security issue and
several other issues.

This security issue was fixed :

  - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to
    stop an attacker from exhausting the system bus' file
    descriptors (CVE-2014-7824)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-11/msg00077.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected dbus-1 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dbus-1-x11-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdbus-1-3-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-debuginfo-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-debugsource-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-devel-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-debuginfo-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"dbus-1-x11-debugsource-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libdbus-1-3-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libdbus-1-3-debuginfo-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-32bit-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-debuginfo-32bit-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"dbus-1-devel-32bit-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libdbus-1-3-32bit-1.6.26-2.30.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libdbus-1-3-debuginfo-32bit-1.6.26-2.30.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus-1-x11 / dbus-1-x11-debuginfo / dbus-1-x11-debugsource / dbus-1 / etc");
}
VendorProductVersionCPE
novellopensusedbus-1p-cpe:/a:novell:opensuse:dbus-1
novellopensusedbus-1-32bitp-cpe:/a:novell:opensuse:dbus-1-32bit
novellopensusedbus-1-debuginfop-cpe:/a:novell:opensuse:dbus-1-debuginfo
novellopensusedbus-1-debuginfo-32bitp-cpe:/a:novell:opensuse:dbus-1-debuginfo-32bit
novellopensusedbus-1-debugsourcep-cpe:/a:novell:opensuse:dbus-1-debugsource
novellopensusedbus-1-develp-cpe:/a:novell:opensuse:dbus-1-devel
novellopensusedbus-1-devel-32bitp-cpe:/a:novell:opensuse:dbus-1-devel-32bit
novellopensusedbus-1-x11p-cpe:/a:novell:opensuse:dbus-1-x11
novellopensusedbus-1-x11-debuginfop-cpe:/a:novell:opensuse:dbus-1-x11-debuginfo
novellopensusedbus-1-x11-debugsourcep-cpe:/a:novell:opensuse:dbus-1-x11-debugsource
Rows per page:
1-10 of 151

Related

securityvulns 2
ubuntu 1
nessus 16
openvas 16
cvelist 1
cve 1
archlinux 1
debian 1
nvd 1
debiancve 1
prion 1
freebsd 1
mageia 1
ubuntucve 1
photon 2
fedora 7
gentoo 1
suse 2
securityvulns
securityvulns
[USN-2425-1] DBus vulnerability
2014-11-30 00:00:00
dbus multiple security vulnerabilities
2014-11-30 00:00:00
ubuntu
ubuntu
DBus vulnerability
2014-11-27 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : DBus vulnerability (USN-2425-1)
2014-11-28 00:00:00
openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1455-1)
2014-11-20 00:00:00
Debian DSA-3099-1 : dbus - security update
2014-12-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2425-1)
2022-08-26 00:00:00
Mageia: Security Advisory (MGASA-2014-0457)
2022-01-28 00:00:00
Debian Security Advisory DSA 3099-1 (dbus - security update)
2014-12-11 00:00:00
cvelist
cvelist
CVE-2014-7824
2014-11-18 15:00:00
cve
cve
CVE-2014-7824
2014-11-18 15:59:04
archlinux
archlinux
dbus: denial of service
2014-11-23 00:00:00
debian
debian
[SECURITY] [DSA 3099-1] dbus security update
2014-12-11 21:15:23
nvd
nvd
CVE-2014-7824
2014-11-18 15:59:04
debiancve
debiancve
CVE-2014-7824
2014-11-18 15:59:04
prion
prion
Code injection
2014-11-18 15:59:00
freebsd
freebsd
dbus -- incomplete fix for CVE-2014-3636 part A
2014-11-10 00:00:00
mageia
mageia
Updated dbus packages fix security vulnerabilitiy
2014-11-15 21:31:46
ubuntucve
ubuntucve
CVE-2014-7824
2014-11-18 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0249
2019-09-03 00:00:00
Important Photon OS Security Update - PHSA-2019-0249
2019-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: dbus-1.8.12-1.fc21
2014-12-17 04:46:59
[SECURITY] Fedora 21 Update: dbus-1.8.16-1.fc21
2015-02-16 03:26:31
[SECURITY] Fedora 20 Update: mingw-dbus-1.6.28-1.fc20
2015-01-02 05:04:52
gentoo
gentoo
D-Bus: Multiple Vulnerabilities
2014-12-13 00:00:00
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for OPENSUSE-2014-691.NASL
securityvulns2ubuntu1nessus16openvas16cvelist1cve1archlinux1debian1nvd1debiancve1prion1freebsd1mageia1ubuntucve1photon2fedora7gentoo1suse2