PT-2014-1926 · Freedesktop.Org+2 · D-Bus+2

Published

2014-09-17

·

Updated

2024-06-15

·

CVE-2014-3637

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions D-Bus versions 1.3.0 through 1.6.x before 1.6.24 D-Bus versions 1.8.x before 1.8.8
Description The issue allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor, as connections for terminated processes are not properly closed. This can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.
Recommendations For D-Bus versions 1.3.0 through 1.6.x before 1.6.24, update to version 1.6.24 or later to resolve the issue. For D-Bus versions 1.8.x before 1.8.8, update to version 1.8.8 or later to resolve the issue. As a temporary workaround, consider restricting access to D-Bus connections to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

ALT-PU-2014-2148
BDU:2015-09788
CVE-2014-3637
DSA-3026-1
MGASA-2014-0395
OPENSUSE-SU-2024:10517-1
USN-2352-1

Affected Products

Alt Linux
D-Bus
Ubuntu