CVE-2014-7824

Severity

21%

Complexity

39%

Confidentiality

48%

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 10 years ago

2014-11-18 15:59:00

Last updated 7 years ago

2017-09-08 01:29:00

Affected Software

D-Bus Project D-Bus 1.6.0

1.6.0

D-Bus Project D-Bus 1.6.2

1.6.2

D-Bus Project D-Bus 1.6.4

1.6.4

D-Bus Project D-Bus 1.6.6

1.6.6

D-Bus Project D-Bus 1.6.8

1.6.8

D-Bus Project D-Bus 1.6.10

1.6.10

D-Bus Project D-Bus 1.6.12

1.6.12

D-Bus Project D-Bus 1.6.14

1.6.14

D-Bus Project D-Bus 1.6.16

1.6.16

D-Bus Project D-Bus 1.6.18

1.6.18

D-Bus Project D-Bus 1.6.20

1.6.20

D-Bus Project D-Bus 1.6.22

1.6.22

D-Bus Project D-Bus 1.6.24

1.6.24

D-Bus Project D-Bus 1.8.0

1.8.0

D-Bus Project D-Bus 1.8.2

1.8.2

D-Bus Project D-Bus 1.8.4

1.8.4

D-Bus Project D-Bus 1.8.6

1.8.6

D-Bus Project D-Bus 1.8.8

1.8.8

D-Bus Project D-Bus 1.9.0

1.9.0

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 14.10

14.10

References

http://advisories.mageia.org/MGASA-2014-0457.html

62603

DSA-3099

MDVSA-2015:176

[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636

Exploit

71012

USN-2425-1

https://bugs.freedesktop.org/show_bug.cgi?id=85105