PT-2014-1921 · Freedesktop.Org · D-Bus

Published 2014-06-18 · Updated 2025-01-16 · CVE-2014-3477

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

D-Bus versions 1.2.x through 1.4.x
D-Bus versions 1.6.x before 1.6.20
D-Bus versions 1.8.x before 1.8.10

Description

The issue allows local users to cause a denial of service or possibly conduct a side-channel attack via a D-Bus message to an inactive service. This occurs because the dbus-daemon sends an AccessDenied error to the service instead of the client when access is prohibited. Exploitation of the vulnerability may lead to disruption of confidentiality, integrity, and availability of protected information and can be performed remotely.

Recommendations

For D-Bus versions 1.2.x through 1.4.x, update to a version after 1.4.x.
For D-Bus versions 1.6.x before 1.6.20, update to version 1.6.20 or later.
For D-Bus versions 1.8.x before 1.8.10, update to version 1.8.10 or later.

Fix

Related Identifiers

ALT-PU-2014-1798
BDU:2015-09788
CVE-2014-3477
DLA-87-1
DSA-2971-1
MGASA-2014-0266
OPENSUSE-SU-2024:10517-1
SUSE-SU-2014_0846-1
USN-2275-1

Affected Products

Alt Linux
D-Bus
Suse
Ubuntu