PT-2014-1928 · Freedesktop.Org+3 · D-Bus+3
Publicado
2014-11-11
·
Atualizado
2024-06-15
·
CVE-2014-7824
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
D-Bus versions 1.3.0 through 1.6.x before 1.6.26
D-Bus versions 1.8.x before 1.8.10
D-Bus versions 1.9.x before 1.9.2
Description
The issue allows local users to cause a denial of service by queuing the maximum number of file descriptors, preventing new connections and causing connection drops. This is due to an incomplete fix for a previous issue. Additionally, multiple vulnerabilities in the dbus package may lead to breaches of confidentiality, integrity, and availability of protected information, potentially exploitable remotely.
Recommendations
For D-Bus versions 1.3.0 through 1.6.x before 1.6.26, update to version 1.6.26 or later.
For D-Bus versions 1.8.x before 1.8.10, update to version 1.8.10 or later.
For D-Bus versions 1.9.x before 1.9.2, update to version 1.9.2 or later.
Exploit
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
D-Bus
Suse
Ubuntu