FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dbus file descriptor leak

Affected packages
dbus < 1.12.18

Details

VuXML ID 27616957-b084-11ea-937b-b42e99a1b9c3
Discovery 2020-04-09
Entry 2020-07-03

GitHub Security Lab reports:

D-Bus has a file descriptor leak, which can lead to denial of service when the dbus-daemon runs out of file descriptors. An unprivileged local attacker can use this to attack the system dbus-daemon, leading to denial of service for all users of the machine.

References

CVE Name CVE-2020-12049
URL https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
URL https://www.openwall.com/lists/oss-security/2020/06/04/3