CVE-2014-7824 - D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local us

CVE-2014-7824

Summary

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.

References

Vulnerable Configurations

cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.24:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.24:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*
cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*
cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*
cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

CVSS

Base:	2.1 (as of 27-12-2023 - 16:36)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	71012
confirm	http://advisories.mageia.org/MGASA-2014-0457.html https://bugs.freedesktop.org/show_bug.cgi?id=85105
debian	DSA-3099
mandriva	MDVSA-2015:176
mlist	[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636
secunia	62603
ubuntu	USN-2425-1
xf	dbus-cve20147824-dos(98576)

Last major update

27-12-2023 - 16:36

Published

18-11-2014 - 15:59

Last modified

27-12-2023 - 16:36