FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-2168

This CVE name corresponds to:

Entered Topic
2013-06-13 dbus -- local dos

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2013-2168 at cve.mitre.org

Details

Type Candidate
Name CVE-2013-2168
Phase Assigned(20130219)

Description

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

References

Source Reference
MLIST [dbus] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound
MLIST [oss-security] 20130613 CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound
CONFIRM http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=974109
DEBIAN DSA-2707
FEDORA FEDORA-2013-11142
FEDORA FEDORA-2013-11198
MANDRIVA MDVSA-2013:177
SUSE openSUSE-SU-2013:1118
SUSE openSUSE-SU-2014:1239
UBUNTU USN-1874-1
BID 60546
OVAL oval:org.mitre.oval:def:16881
SECTRACK 1028667
SECUNIA 53317
SECUNIA 53832

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.