What is the vulnerability ID for this issue?

The vulnerability ID for this issue is USN-4015-1.

How does the vulnerability affect DBus servers?

The vulnerability allows a local attacker to bypass authentication and connect to DBus servers with elevated privileges.

What is the affected software?

The affected software includes dbus package versions 1.12.12-1ubuntu1.1, libdbus-1-3 package versions 1.12.12-1ubuntu1.1, dbus package versions 1.12.10-1ubuntu2.1, libdbus-1-3 package versions 1.12.10-1ubuntu2.1, dbus package versions 1.12.2-1ubuntu1.1, libdbus-1-3 package versions 1.12.2-1ubuntu1.1, dbus package versions 1.10.6-1ubuntu3.4, and libdbus-1-3 package versions 1.10.6-1ubuntu3.4 on Ubuntu 19.04, 18.10, 18.04, and 16.04.

How can I fix the vulnerability?

To fix the vulnerability, update the affected software to the recommended versions - dbus package 1.12.12-1ubuntu1.1 and libdbus-1-3 package 1.12.12-1ubuntu1.1 for Ubuntu 19.04.

Where can I find more information about this vulnerability?

More information about this vulnerability can be found in the Ubuntu security advisories: [CVE-2019-12749](https://ubuntu.com/security/CVE-2019-12749) and [USN-4015-2](https://ubuntu.com/security/notices/USN-4015-2).

Vulnerability/
USN-4015-1

11/6/2019

USN-4015-1: DBus vulnerability

First published: Tue Jun 11 2019(Updated: )

Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges.

Affected Software	Affected Version	How to fix
All of
ubuntu/dbus	<1.12.12-1ubuntu1.1	1.12.12-1ubuntu1.1
	=19.04
All of
ubuntu/libdbus-1-3	<1.12.12-1ubuntu1.1	1.12.12-1ubuntu1.1
	=19.04
All of
ubuntu/dbus	<1.12.10-1ubuntu2.1	1.12.10-1ubuntu2.1
	=18.10
All of
ubuntu/libdbus-1-3	<1.12.10-1ubuntu2.1	1.12.10-1ubuntu2.1
	=18.10
All of
ubuntu/dbus	<1.12.2-1ubuntu1.1	1.12.2-1ubuntu1.1
	=18.04
All of
ubuntu/libdbus-1-3	<1.12.2-1ubuntu1.1	1.12.2-1ubuntu1.1
	=18.04
All of
ubuntu/dbus	<1.10.6-1ubuntu3.4	1.10.6-1ubuntu3.4
	=16.04
All of
ubuntu/libdbus-1-3	<1.10.6-1ubuntu3.4	1.10.6-1ubuntu3.4
	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2019-12749

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is USN-4015-1.
How does the vulnerability affect DBus servers?
The vulnerability allows a local attacker to bypass authentication and connect to DBus servers with elevated privileges.
What is the affected software?
The affected software includes dbus package versions 1.12.12-1ubuntu1.1, libdbus-1-3 package versions 1.12.12-1ubuntu1.1, dbus package versions 1.12.10-1ubuntu2.1, libdbus-1-3 package versions 1.12.10-1ubuntu2.1, dbus package versions 1.12.2-1ubuntu1.1, libdbus-1-3 package versions 1.12.2-1ubuntu1.1, dbus package versions 1.10.6-1ubuntu3.4, and libdbus-1-3 package versions 1.10.6-1ubuntu3.4 on Ubuntu 19.04, 18.10, 18.04, and 16.04.
How can I fix the vulnerability?
To fix the vulnerability, update the affected software to the recommended versions - dbus package 1.12.12-1ubuntu1.1 and libdbus-1-3 package 1.12.12-1ubuntu1.1 for Ubuntu 19.04.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found in the Ubuntu security advisories: [CVE-2019-12749](https://ubuntu.com/security/CVE-2019-12749) and [USN-4015-2](https://ubuntu.com/security/notices/USN-4015-2).

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/title
agent/references
agent/tags
agent/description
agent/event
collector/usn
source/Ubuntu
anchor-related/USN-4015-2
agent/software-canonical-lookup
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/19.04
version/ubuntu ubuntu/18.10
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04