CVE-2014-3637

Name of the Vulnerable Software and Affected Versions D-Bus versions 1.3.0 through 1.6.x before 1.6.24 D-Bus versions 1.8.x before 1.8.8

Description The issue allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor, as connections for terminated processes are not properly closed. This can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.

Recommendations For D-Bus versions 1.3.0 through 1.6.x before 1.6.24, update to version 1.6.24 or later to resolve the issue. For D-Bus versions 1.8.x before 1.8.8, update to version 1.8.8 or later to resolve the issue. As a temporary workaround, consider restricting access to D-Bus connections to minimize the risk of exploitation.