DSA-3161-1 dbus -- dbusID: oval:org.secpod.oval:def:601955 | Date: (C)2015-02-18 (M)2024-01-02 |
Class: PATCH | Family: unix |
Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester.