CVE-2014-3477
4.0
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.5 / Impact: 1.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
Affected (47)
Products: D Bus Project: D Bus · Freedesktop: Dbus
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.4.2 | |
| Version 1.2.10 |
References (26)
Source: secalert@redhat.com
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.