CVE-2014-8156
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.
Los archivos de políticas de seguridad D-Bus en /etc/dbus-1/system.d/*.conf en fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4 y fso-usaged 0.12.0-2 tal y como se distribuyen en Debian, la versión upstream del git master cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) del 19-01-2015,a versión upstream del framework.git 0.10.1 y el git master del 19-01-2015, phonefsod 0.1+git20121018-1 tal y como se incluyen en Debian, Ubuntu y potencialmente en otros paquetes, así como otros módulos fso no filtran las rutas de mensaje D-Bus, lo que podría permitir que los usuarios locales provoquen una denegación de servicio (consumo de memoria de dbus-daemon) o ejecuten código arbitrario como root mediante el envío de un mensaje D-Bus manipulado a cualquier servicio del sistema D-Bus.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-10 CVE Reserved
- 2017-09-25 CVE Published
- 2023-08-05 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/27/25 | Mailing List |
|
| http://www.securityfocus.com/bid/72363 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100488 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fso-frameworkd Project Search vendor "Fso-frameworkd Project" | Fso-frameworkd Search vendor "Fso-frameworkd Project" for product "Fso-frameworkd" | 0.9.5.9 Search vendor "Fso-frameworkd Project" for product "Fso-frameworkd" and version "0.9.5.9" | - |
Affected
| in | Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | <= 8.0 Search vendor "Debian" for product "Debian Linux" and version " <= 8.0" | - |
Safe
|
| Fso-gsmd Project Search vendor "Fso-gsmd Project" | Fso-gsmd Search vendor "Fso-gsmd Project" for product "Fso-gsmd" | 0.12.0-3 Search vendor "Fso-gsmd Project" for product "Fso-gsmd" and version "0.12.0-3" | - |
Affected
| in | Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | <= 8.0 Search vendor "Debian" for product "Debian Linux" and version " <= 8.0" | - |
Safe
|
| Fso-usaged Project Search vendor "Fso-usaged Project" | Fso-usaged Search vendor "Fso-usaged Project" for product "Fso-usaged" | 0.12.0-2 Search vendor "Fso-usaged Project" for product "Fso-usaged" and version "0.12.0-2" | - |
Affected
| in | Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | <= 8.0 Search vendor "Debian" for product "Debian Linux" and version " <= 8.0" | - |
Safe
|
| Phonefsod Project Search vendor "Phonefsod Project" | Phonefsod Search vendor "Phonefsod Project" for product "Phonefsod" | 0.1 Search vendor "Phonefsod Project" for product "Phonefsod" and version "0.1" | - |
Affected
| in | Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | <= 8.0 Search vendor "Debian" for product "Debian Linux" and version " <= 8.0" | - |
Safe
|