CVE-2014-3636

Name of the Vulnerable Software and Affected Versions D-Bus versions 1.3.0 through 1.6.x before 1.6.24 D-Bus versions 1.8.x before 1.8.8

Description The issue allows local users to cause a denial of service by queuing the maximum number of file descriptors, preventing new connections and causing connection drops. Additionally, it can cause a denial of service via multiple messages that combine to exceed the allowed number of file descriptors for a single sendmsg call. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information and can be performed remotely.

Recommendations For D-Bus versions 1.3.0 through 1.6.x before 1.6.24, update to version 1.6.24 or later to resolve the issue. For D-Bus versions 1.8.x before 1.8.8, update to version 1.8.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sendmsg call to minimize the risk of exploitation.