Input validation error in dbus (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | cve-2011-2200 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
dbus (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU32842
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: cve-2011-2200
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to read and manipulate data.
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
MitigationInstall update from vendor's website.
Vulnerable software versionsdbus (Alpine package): 1.2.14-r0 - 1.4.0-r0
CPE2.3- cpe:2.3:o:alpine:dbus_alpine_package:1.2.14-r0:*:*:*:*:alpine_linux:*:1.9
- cpe:2.3:o:alpine:dbus_alpine_package:1.4.0-r0:*:*:*:*:alpine_linux:*:2.1
https://git.alpinelinux.org/aports/commit/?id=3c1082ea1d2b1517e26f155844bf9da209fd365c
https://git.alpinelinux.org/aports/commit/?id=949b173acafd645a1c585e923bdf7081fafa4749
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
