CVE-2014-8156

 

  • Severity Score: 7.8 (CVSS v3)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2014-10-10 CVE Reserved
  • 2017-09-25 CVE Published
  • 2023-08-05 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Fso-frameworkd Project | Fso-frameworkd | 0.9.5.9 | - | Affected
  in Debian | Debian Linux | <= 8.0 | - | Safe
Fso-gsmd Project | Fso-gsmd | 0.12.0-3 | - | Affected
  in Debian | Debian Linux | <= 8.0 | - | Safe
Fso-usaged Project | Fso-usaged | 0.12.0-2 | - | Affected
  in Debian | Debian Linux | <= 8.0 | - | Safe
Phonefsod Project | Phonefsod | 0.1 | - | Affected
  in Debian | Debian Linux | <= 8.0 | - | Safe