CVE-2014-3639

Published: Sep 22, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.

Affected (17)

Products: Opensuse: Opensuse · D Bus Project: D Bus · Freedesktop: Dbus

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3

Configuration B

16 vulnerable

Vulnerable Software	Affected Versions
D Bus Project D Bus	Up to 1.6.22
Freedesktop Dbus	Version 1.6.0
Freedesktop Dbus	Version 1.6.10
Freedesktop Dbus	Version 1.6.12
Freedesktop Dbus	Version 1.6.14
Freedesktop Dbus	Version 1.6.16
Freedesktop Dbus	Version 1.6.18
Freedesktop Dbus	Version 1.6.20
Freedesktop Dbus	Version 1.6.2
Freedesktop Dbus	Version 1.6.4
Freedesktop Dbus	Version 1.6.6
Freedesktop Dbus	Version 1.6.8
Freedesktop Dbus	Version 1.8.0
Freedesktop Dbus	Version 1.8.2
Freedesktop Dbus	Version 1.8.4
Freedesktop Dbus	Version 1.8.6

Related CWEs

References (22)

http://advisories.mageia.org/MGASA-2014-0395.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

Source: secalert@redhat.com

http://secunia.com/advisories/61378

Source: secalert@redhat.com

http://secunia.com/advisories/61431

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-3026

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:176

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/09/16/9

Source: secalert@redhat.com

http://www.securitytracker.com/id/1030864

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2352-1

Source: secalert@redhat.com

https://bugs.freedesktop.org/show_bug.cgi?id=80919

Source: secalert@redhat.com

Patch

http://advisories.mageia.org/MGASA-2014-0395.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61378

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61431

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3026

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:176

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/09/16/9

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030864

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2352-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.freedesktop.org/show_bug.cgi?id=80919

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.