FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3477

This CVE name corresponds to:

Entered Topic
2014-06-14 dbus -- local DoS

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3477 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3477
Phase Assigned(20140514)

Description

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

References

Source Reference
MLIST [oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon
CONFIRM http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
CONFIRM https://bugs.freedesktop.org/show_bug.cgi?id=78979
CONFIRM http://advisories.mageia.org/MGASA-2014-0266.html
DEBIAN DSA-2971
MANDRIVA MDVSA-2015:176
SUSE openSUSE-SU-2014:0821
SUSE openSUSE-SU-2014:0874
SUSE openSUSE-SU-2014:1239
BID 67986
SECUNIA 59611
SECUNIA 59428
SECUNIA 59798

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.