PT-2014-1928 · Freedesktop.Org+3 · D-Bus+3

Published

2014-11-11

Updated

2024-06-15

CVE-2014-7824

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions D-Bus versions 1.3.0 through 1.6.x before 1.6.26 D-Bus versions 1.8.x before 1.8.10 D-Bus versions 1.9.x before 1.9.2

Description The issue allows local users to cause a denial of service by queuing the maximum number of file descriptors, preventing new connections and causing connection drops. This is due to an incomplete fix for a previous issue. Additionally, multiple vulnerabilities in the dbus package may lead to breaches of confidentiality, integrity, and availability of protected information, potentially exploitable remotely.

Recommendations For D-Bus versions 1.3.0 through 1.6.x before 1.6.26, update to version 1.6.26 or later. For D-Bus versions 1.8.x before 1.8.10, update to version 1.8.10 or later. For D-Bus versions 1.9.x before 1.9.2, update to version 1.9.2 or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2014-2339

BDU:2015-09788

CVE-2014-7824

DSA-3099-1

MGASA-2014-0457

OPENSUSE-SU-2024:10517-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-2425-1

Affected Products

Alt Linux

D-Bus

Suse

Ubuntu

PT-2014-1928 · Freedesktop.Org+3 · D-Bus+3

CVE-2014-7824

Weakness Enumeration

Related Identifiers

Affected Products

References · 44