CVE-2014-8156 Information
Share on:Description
The D-Bus security policy files in /etc/dbus-1/system.d/com.ubuntu.LanguageSelector.conf /etc/dbus-1/system.d/com.ubuntu.SoftwareProperties.conf /etc/dbus-1/system.d/org.freedesktop.Accounts.conf /etc/dbus-1/system.d/org.freedesktop.PackageKit.conf /etc/dbus-1/system.d/org.freedesktop.thermald.conf in fso-gsmd 0.12.0-3 fso-frameworkd 0.9.5.9+git20110512-4 and fso-usaged 0.12.0-2 as packaged in Debian the upstream cornucopia.git (fsoaudiod fsodatad fsodeviced fsogsmd fsonetworkd fsotdld fsousaged) git master on 2015-01-19 the upstream framework.git 0.10.1 and git master on 2015-01-19 phonefsod 0.1+git20121018-1 as packaged in Debian Ubuntu and potentially other packages and potentially other fso modules do not properly filter D-Bus message paths which might allow local users to cause a denial of service (dbus-daemon memory consumption) or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.openwall.com/lists/oss-security/2015/01/27/25 http://www.securityfocus.com/bid/72363 https://exchange.xforce.ibmcloud.com/vulnerabilities/100488
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8