CVE-2014-3635

Name of the Vulnerable Software and Affected Versions D-Bus versions 1.3.0 through 1.6.x before 1.6.24 D-Bus versions 1.8.x before 1.8.8

Description The issue is caused by an off-by-one error when running on a 64-bit system and the max message unix fds limit is set to an odd number. This allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. The vulnerability can be exploited to compromise the confidentiality, integrity, and availability of protected information.

Recommendations For D-Bus versions 1.3.0 through 1.6.x before 1.6.24, update to version 1.6.24 or later to resolve the issue. For D-Bus versions 1.8.x before 1.8.8, update to version 1.8.8 or later to resolve the issue. As a temporary workaround, consider setting the max message unix fds limit to an even number to prevent the off-by-one error.