PT-2014-1927 · Freedesktop.Org+3 · D-Bus+3
Published
2014-09-17
·
Updated
2024-06-15
·
CVE-2014-3639
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
D-Bus versions 1.6.23 and earlier
D-Bus versions 1.8.x before 1.8.8
Description
The issue allows local users to cause a denial of service by consuming incomplete connections and preventing new connections via a large number of incomplete connections. This is due to the dbus-daemon not properly closing old connections. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information and can be performed remotely.
Recommendations
For D-Bus versions 1.6.23 and earlier, update to version 1.6.24 or later.
For D-Bus versions 1.8.x before 1.8.8, update to version 1.8.8 or later.
As a temporary workaround, consider restricting the number of connections to the dbus-daemon to minimize the risk of exploitation.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
D-Bus
Suse
Ubuntu