CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
5.1%
Various denial of service issues were fixed in the DBUS service.
dbus-daemon tracks whether method call messages expect a reply, so that unsolicited replies can be dropped. As currently implemented, if there are n parallel method calls in progress, each method reply takes O(n) CPU time. A malicious user could exploit this by opening the maximum allowed number of parallel connections and sending the maximum number of parallel method calls on each one, causing subsequent method calls to be unreasonably slow, a denial of service. (CVE-2014-3638)
dbus-daemon allows a small number of ‘incomplete’ connections (64 by default) whose identity has not yet been confirmed. When this limit has been reached, subsequent connections are dropped. Alban’s testing indicates that one malicious process that makes repeated connection attempts, but never completes the authentication handshake and instead waits for dbus-daemon to time out and disconnect it, can cause the majority of legitimate connection attempts to fail.
(CVE-2014-3639)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(77755);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-3638", "CVE-2014-3639");
script_name(english:"SuSE 11.3 Security Update : dbus-1 (SAT Patch Number 9733)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Various denial of service issues were fixed in the DBUS service.
- dbus-daemon tracks whether method call messages expect a
reply, so that unsolicited replies can be dropped. As
currently implemented, if there are n parallel method
calls in progress, each method reply takes O(n) CPU
time. A malicious user could exploit this by opening the
maximum allowed number of parallel connections and
sending the maximum number of parallel method calls on
each one, causing subsequent method calls to be
unreasonably slow, a denial of service. (CVE-2014-3638)
- dbus-daemon allows a small number of 'incomplete'
connections (64 by default) whose identity has not yet
been confirmed. When this limit has been reached,
subsequent connections are dropped. Alban's testing
indicates that one malicious process that makes repeated
connection attempts, but never completes the
authentication handshake and instead waits for
dbus-daemon to time out and disconnect it, can cause the
majority of legitimate connection attempts to fail.
(CVE-2014-3639)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=896453"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2014-3638.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2014-3639.html"
);
script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9733.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:dbus-1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:dbus-1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:dbus-1-x11");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"dbus-1-1.2.10-3.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"dbus-1-x11-1.2.10-3.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"dbus-1-1.2.10-3.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"dbus-1-32bit-1.2.10-3.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"dbus-1-x11-1.2.10-3.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"dbus-1-1.2.10-3.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"dbus-1-x11-1.2.10-3.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"dbus-1-32bit-1.2.10-3.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"dbus-1-32bit-1.2.10-3.31.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");