ID CVE-2014-7824
Summary D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
References
Vulnerable Configurations
  • D-Bus Project D-Bus 1.9.0
    cpe:2.3:a:d-bus_project:d-bus:1.9.0
  • D-Bus Project D-Bus 1.8.8
    cpe:2.3:a:d-bus_project:d-bus:1.8.8
  • D-Bus Project D-Bus 1.8.6
    cpe:2.3:a:d-bus_project:d-bus:1.8.6
  • D-Bus Project D-Bus 1.8.4
    cpe:2.3:a:d-bus_project:d-bus:1.8.4
  • D-Bus Project D-Bus 1.8.2
    cpe:2.3:a:d-bus_project:d-bus:1.8.2
  • D-Bus Project D-Bus 1.8.0
    cpe:2.3:a:d-bus_project:d-bus:1.8.0
  • D-Bus Project D-Bus 1.6.0
    cpe:2.3:a:d-bus_project:d-bus:1.6.0
  • D-Bus Project D-Bus 1.6.10
    cpe:2.3:a:d-bus_project:d-bus:1.6.10
  • D-Bus Project D-Bus 1.6.12
    cpe:2.3:a:d-bus_project:d-bus:1.6.12
  • D-Bus Project D-Bus 1.6.14
    cpe:2.3:a:d-bus_project:d-bus:1.6.14
  • D-Bus Project D-Bus 1.6.16
    cpe:2.3:a:d-bus_project:d-bus:1.6.16
  • D-Bus Project D-Bus 1.6.18
    cpe:2.3:a:d-bus_project:d-bus:1.6.18
  • D-Bus Project D-Bus 1.6.2
    cpe:2.3:a:d-bus_project:d-bus:1.6.2
  • D-Bus Project D-Bus 1.6.20
    cpe:2.3:a:d-bus_project:d-bus:1.6.20
  • D-Bus Project D-Bus 1.6.22
    cpe:2.3:a:d-bus_project:d-bus:1.6.22
  • D-Bus Project D-Bus 1.6.24
    cpe:2.3:a:d-bus_project:d-bus:1.6.24
  • D-Bus Project D-Bus 1.6.4
    cpe:2.3:a:d-bus_project:d-bus:1.6.4
  • D-Bus Project D-Bus 1.6.6
    cpe:2.3:a:d-bus_project:d-bus:1.6.6
  • D-Bus Project D-Bus 1.6.8
    cpe:2.3:a:d-bus_project:d-bus:1.6.8
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • cpe:2.3:o:mageia_project:mageia:4
    cpe:2.3:o:mageia_project:mageia:4
  • cpe:2.3:o:mageia_project:mageia:3
    cpe:2.3:o:mageia_project:mageia:3
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.10
    cpe:2.3:o:canonical:ubuntu_linux:14.10
CVSS
Base: 2.1 (as of 30-06-2016 - 12:28)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1724-1.NASL
    description dbus-1 was updated to version 1.8.12 to fix one security issue. This security issue was fixed : - Increase dbus-daemons RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the file descriptors of the system bus (CVE-2014-7824). Note: This already includes the fix for the regression that was introduced by the first fix for CVE-2014-7824 in 1.8.10. On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf: 5000 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83655
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83655
    title SUSE SLED12 / SLES12 Security Update : dbus-1 (SUSE-SU-2014:1724-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-691.NASL
    description dbus-1 was updated to version 1.6.26 to fix one security issue and several other issues. This security issue was fixed : - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the system bus' file descriptors (CVE-2014-7824).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79350
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79350
    title openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1454-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3099.NASL
    description Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the auth_timeout change in the previous security update to its old value because the new value causes boot failures on some systems. See the README.Debian file for details how to harden the D-Bus daemon against malicious local users.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79886
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79886
    title Debian DSA-3099-1 : dbus - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17595.NASL
    description - Update to 1.8.12\\r\\n* Fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-06-03
    plugin id 80323
    published 2015-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80323
    title Fedora 21 : mingw-dbus-1.8.12-1.fc21 (2014-17595)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C1930F45698211E480E1BCAEC565249C.NASL
    description Simon McVittie reports : The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as 'CVE-2014-3636 part A', which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value. CVE-2014-7824 has been allocated for this vulnerability.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 79197
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79197
    title FreeBSD : dbus -- incomplete fix for CVE-2014-3636 part A (c1930f45-6982-11e4-80e1-bcaec565249c)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-690.NASL
    description dbus-1 was updated to version 1.8.10 to fix one security issue and several other issues. This security issue was fixed : - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the system bus' file descriptors (CVE-2014-7824).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79349
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79349
    title openSUSE Security Update : dbus-1 (openSUSE-SU-2014:1455-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2425-1.NASL
    description It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. (CVE-2014-7824). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 79621
    published 2014-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79621
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : dbus vulnerability (USN-2425-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-16243.NASL
    description Update to 1.6.28 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-06-03
    plugin id 79924
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79924
    title Fedora 20 : dbus-1.6.28-1.fc20 (2014-16243)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-12 (D-Bus: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-06-03
    plugin id 79965
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79965
    title GLSA-201412-12 : D-Bus: Multiple Vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-214.NASL
    description Updated dbus packages fixes the following security issues : Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon : On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution (CVE-2014-3635). A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits (CVE-2014-3636). Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability (CVE-2014-3637). dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon (CVE-2014-3638). dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability (CVE-2014-3639). The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as CVE-2014-3636 part A, which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value. By queuing up the maximum allowed number of fds, a malicious sender could reach the system dbus-daemon's RLIMIT_NOFILE (ulimit -n, typically 1024 on Linux). This would act as a denial of service in two ways : - new clients would be unable to connect to the dbus-daemon - when receiving a subsequent message from a non-malicious client that contained a fd, dbus-daemon would receive the MSG_CTRUNC flag, indicating that the list of fds was truncated; kernel fd-passing APIs do not provide any way to recover from that, so dbus-daemon responds to MSG_CTRUNC by disconnecting the sender, causing denial of service to that sender. This update also resolves the CVE-2014-7824 security vulnerability.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79322
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79322
    title Mandriva Linux Security Advisory : dbus (MDVSA-2014:214)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-16227.NASL
    description Update to 1.6.28 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-06-03
    plugin id 80130
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80130
    title Fedora 19 : dbus-1.6.28-1.fc19 (2014-16227)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17570.NASL
    description - Update to 1.8.12\\r\\n* Fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-06-03
    plugin id 80317
    published 2015-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80317
    title Fedora 20 : mingw-dbus-1.6.28-1.fc20 (2014-17570)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-16147.NASL
    description Update to 1.8.12 (#1168438) - Fixes CVE-2014-3635 (fd.o#83622) - Fixes CVE-2014-3636 (fd.o#82820) - Fixes CVE-2014-3637 (fd.o#80559) - Fixes CVE-2014-3638 (fd.o#81053) - Fixes CVE-2014-3639 (fd.o#80919) - Fixes CVE-2014-7824 (fd.o#85105) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-06-03
    plugin id 80060
    published 2014-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80060
    title Fedora 21 : dbus-1.8.12-1.fc21 (2014-16147)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1037.NASL
    description According to the versions of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. - Security Fix(es) - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.(CVE-2014-3532) - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.(CVE-2014-3533) - D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.(CVE-2015-0245) - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.(CVE-2014-3636) - The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.(CVE-2014-3477) - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.(CVE-2014-3637) - Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.(CVE-2014-3635) - The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.(CVE-2014-3638) - The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.(CVE-2014-3639) - D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.(CVE-2014-7824) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99800
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99800
    title EulerOS 2.0 SP1 : dbus (EulerOS-SA-2016-1037)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-176.NASL
    description Updated dbus packages fix multiple vulnerabilities : A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate (CVE-2014-3477). A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could use this flaw to cause a service or application to disconnect from the bus, typically resulting in that service or application exiting (CVE-2014-3532). A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could use this flaw to cause an invalid file descriptor to be forwarded to a service or application, causing it to disconnect from the bus, typically resulting in that service or application exiting (CVE-2014-3533). On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution (CVE-2014-3635). A denial-of-service vulnerability in dbus-daemon allowed local attackers to prevent new connections to dbus-daemon, or disconnect existing clients, by exhausting descriptor limits (CVE-2014-3636). Malicious local users could create D-Bus connections to dbus-daemon which could not be terminated by killing the participating processes, resulting in a denial-of-service vulnerability (CVE-2014-3637). dbus-daemon suffered from a denial-of-service vulnerability in the code which tracks which messages expect a reply, allowing local attackers to reduce the performance of dbus-daemon (CVE-2014-3638). dbus-daemon did not properly reject malicious connections from local users, resulting in a denial-of-service vulnerability (CVE-2014-3639). The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as CVE-2014-3636 part A, which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value. By queuing up the maximum allowed number of fds, a malicious sender could reach the system dbus-daemon's RLIMIT_NOFILE (ulimit -n, typically 1024 on Linux). This would act as a denial of service in two ways : - new clients would be unable to connect to the dbus-daemon - when receiving a subsequent message from a non-malicious client that contained a fd, dbus-daemon would receive the MSG_CTRUNC flag, indicating that the list of fds was truncated; kernel fd-passing APIs do not provide any way to recover from that, so dbus-daemon responds to MSG_CTRUNC by disconnecting the sender, causing denial of service to that sender. This update resolves the issue (CVE-2014-7824). non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester, causing a local denial of service (CVE-2015-0245).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82451
    published 2015-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82451
    title Mandriva Linux Security Advisory : dbus (MDVSA-2015:176)
refmap via4
bid 71012
confirm
debian DSA-3099
mandriva MDVSA-2015:176
mlist [oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636
secunia 62603
ubuntu USN-2425-1
xf dbus-cve20147824-dos(98576)
Last major update 30-06-2016 - 12:52
Published 18-11-2014 - 10:59
Last modified 07-09-2017 - 21:29
Back to Top