fkie_cve-2014-3635
Vulnerability from fkie_nvd
Published
2014-09-22 15:55
Modified
2025-04-12 10:46
Severity ?
Summary
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0395.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://secunia.com/advisories/61378
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3026
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/09/16/9
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
secalert@redhat.comhttp://www.securitytracker.com/id/1030864
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2352-1
secalert@redhat.comhttps://bugs.freedesktop.org/show_bug.cgi?id=83622Patch
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0395.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61378
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3026
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/09/16/9
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030864
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2352-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/show_bug.cgi?id=83622Patch
Impacted products
Vendor Product Version
d-bus_project d-bus *
freedesktop dbus 1.6.0
freedesktop dbus 1.6.2
freedesktop dbus 1.6.4
freedesktop dbus 1.6.6
freedesktop dbus 1.6.8
freedesktop dbus 1.6.10
freedesktop dbus 1.6.12
freedesktop dbus 1.6.14
freedesktop dbus 1.6.16
freedesktop dbus 1.6.18
freedesktop dbus 1.6.20
freedesktop dbus 1.8.0
freedesktop dbus 1.8.2
freedesktop dbus 1.8.4
freedesktop dbus 1.8.6
opensuse opensuse 12.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFAD9C82-0893-47DE-9BE4-7D97EF6E1441",
              "versionEndIncluding": "1.6.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure."
    },
    {
      "lang": "es",
      "value": "Error por un paso en D-Bus 1.3.0 hasta la versi\u00f3n 1.6.x en versiones anteriores a 1.6.24 y 1.8.x en versiones anteriores a 1.8.8, cuando cuando se ejecuta en sistemas de 64 bits y el l\u00edmite max_message_unix_fds est\u00e1 establecido en un n\u00famero impar, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda de dbus-daemon) o posiblemente ejecutar c\u00f3digo arbitrario enviando un descriptor de archivo superior al m\u00e1ximo, lo que desencadena un desbordamiento de buffer basado en memoria din\u00e1mica o un fallo de aserci\u00f3n."
    }
  ],
  "id": "CVE-2014-3635",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-22T15:55:07.983",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.