PT-2014-1922 · D-Bus+1 · Dbus+1

Published: 2014-07-02 · Updated: 2024-06-15 · CVE-2014-3532

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

dbus versions 1.3.0 through 1.6.22
dbus versions 1.8.x through 1.8.6

Description

The issue allows local users to cause a denial of service by sending a message containing a file descriptor and then exceeding the maximum recursion depth before the initial message is forwarded. This can lead to a system-bus disconnect of other services or applications. Additionally, there are multiple vulnerabilities in the dbus package that can lead to violations of confidentiality, integrity, and availability of protected information, potentially exploitable remotely.

Recommendations

For dbus versions 1.3.0 through 1.6.22, update to version 1.6.22 or later. For dbus versions 1.8.x through 1.8.6, update to version 1.8.6 or later. As a temporary workaround, consider restricting access to the system bus to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-09788
CVE-2014-3532
DSA-2971-1
MGASA-2014-0294
OPENSUSE-SU-2024:10517-1
USN-2275-1

Affected Products

Ubuntu
Dbus