CVE-2014-3639

Name of the Vulnerable Software and Affected Versions D-Bus versions 1.6.23 and earlier D-Bus versions 1.8.x before 1.8.8

Description The issue allows local users to cause a denial of service by consuming incomplete connections and preventing new connections via a large number of incomplete connections. This is due to the dbus-daemon not properly closing old connections. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information and can be performed remotely.

Recommendations For D-Bus versions 1.6.23 and earlier, update to version 1.6.24 or later. For D-Bus versions 1.8.x before 1.8.8, update to version 1.8.8 or later. As a temporary workaround, consider restricting the number of connections to the dbus-daemon to minimize the risk of exploitation.