Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:1361412562310893142HistoryOct 11, 2022 - 12:00 a.m.
Debian: Security Advisory (DLA-3142-1)
2022-10-1100:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
3
debian
security advisory
dla-3142-1
dbus
denial of service
authenticated user
vulnerability
upgrade
debian 10 buster
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.7%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.893142");
script_cve_id("CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012");
script_tag(name:"creation_date", value:"2022-10-11 01:00:12 +0000 (Tue, 11 Oct 2022)");
script_version("2024-02-02T05:06:08+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:08 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-10-11 18:51:40 +0000 (Tue, 11 Oct 2022)");
script_name("Debian: Security Advisory (DLA-3142-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB10");
script_xref(name:"Advisory-ID", value:"DLA-3142-1");
script_xref(name:"URL", value:"https://www.debian.org/lts/security/2022/DLA-3142-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/dbus");
script_xref(name:"URL", value:"https://wiki.debian.org/LTS");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'dbus' package(s) announced via the DLA-3142-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Evgeny Vereshchagin discovered multiple vulnerabilities in D-Bus, a simple interprocess messaging system, which may result in denial of service by an authenticated user.
For Debian 10 buster, these problems have been fixed in version 1.12.24-0+deb10u1.
We recommend that you upgrade your dbus packages.
For the detailed security status of dbus please refer to its security tracker page at: [link moved to references]
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]");
script_tag(name:"affected", value:"'dbus' package(s) on Debian 10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB10") {
if(!isnull(res = isdpkgvuln(pkg:"dbus", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"dbus-1-doc", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"dbus-tests", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"dbus-udeb", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"dbus-user-session", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"dbus-x11", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libdbus-1-3", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libdbus-1-3-udeb", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libdbus-1-dev", ver:"1.12.24-0+deb10u1", rls:"DEB10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS Virtualization 2.9.0 : dbus (EulerOS-SA-2023-1655)
2023-04-27 00:00:00
CentOS 8 : dbus (CESA-2023:0096)
2024-02-08 00:00:00
SUSE SLES12 Security Update : dbus-1 (SUSE-SU-2022:4295-1)
2022-11-30 00:00:00
osv
osv
Moderate: dbus security update
2023-01-23 00:00:00
Moderate: dbus security update
2023-01-12 08:25:26
dbus vulnerabilities
2022-10-27 13:00:09
openvas
openvas
Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2023-2034)
2023-06-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3804-1)
2022-10-28 00:00:00
Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2023-1380)
2023-02-10 00:00:00
amazon
amazon
Medium: dbus
2023-04-13 19:01:00
Medium: dbus
2023-03-30 18:56:00
rocky
rocky
dbus security update
2023-01-12 08:25:26
dbus security update
2023-01-23 14:30:24
redos
redos
ROS-20221013-01
2022-10-13 00:00:00
debian
debian
[SECURITY] [DSA 5250-1] dbus security update
2022-10-06 18:51:40
[SECURITY] [DLA 3142-1] dbus security update
2022-10-10 14:47:14
fedora
fedora
[SECURITY] Fedora 35 Update: dbus-1.12.24-1.fc35
2022-10-26 17:35:19
[SECURITY] Fedora 36 Update: dbus-1.14.4-1.fc36
2022-10-14 13:03:28
[SECURITY] Fedora 37 Update: dbus-1.14.4-1.fc37
2022-11-10 22:40:24
almalinux
almalinux
Moderate: dbus security update
2023-01-23 00:00:00
Moderate: dbus security update
2023-01-12 00:00:00
suse
suse
Security update for dbus-1 (important)
2022-10-27 00:00:00
Security update for dbus-1 (important)
2022-10-27 00:00:00
oraclelinux
oraclelinux
dbus security update
2023-01-12 00:00:00
dbus security update
2023-01-24 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2022:8977) Moderate: dbus security update
2022-12-13 15:31:11
(RHSA-2023:0096) Moderate: dbus security update
2023-01-12 08:25:26
(RHSA-2023:0335) Moderate: dbus security update
2023-01-23 14:30:24
cloudfoundry
cloudfoundry
USN-5704-1: DBus vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
gentoo
gentoo
D-Bus: Multiple Vulnerabilities
2023-05-03 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0263
2022-10-14 00:00:00
Moderate Photon OS Security Update - PHSA-2022-4.0-0263
2022-10-14 00:00:00
Critical Photon OS Security Update - PHSA-2022-3.0-0470
2022-10-16 00:00:00
mageia
mageia
Updated dbus packages fix security vulnerability
2022-10-08 23:22:22
ubuntu
ubuntu
DBus vulnerabilities
2022-10-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-42012 affecting package dbus for versions less than 1.15.2-2
2022-11-03 20:37:47
CVE-2022-42011 affecting package dbus 1.13.6-5
2023-02-14 02:35:58
CVE-2022-42010 affecting package dbus for versions less than 1.15.2-2
2022-11-03 20:37:47
redhatcve
redhatcve
nvd
nvd
ubuntucve
ubuntucve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-10-10 00:15:00
Format string
2022-10-10 00:15:00
Design/Logic Flaw
2022-10-10 00:15:00
debiancve
debiancve
cve
cve
veracode
veracode
Denial Of Service (DoS)
2022-10-06 17:07:08
Denial Of Service (DoS)
2022-10-06 17:06:28
Denial Of Service (DoS)
2022-10-06 17:05:58
alpinelinux
alpinelinux
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.7%
Related for OPENVAS:1361412562310893142