4

CVE-2014-3477

EPSS 0.09%
Veröffentlicht 01.07.2014 17:55:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

D-bus Project ≫ D-bus Version1.2.4.2

D-bus Project ≫ D-bus Version1.2.4.4

D-bus Project ≫ D-bus Version1.2.4.6

Freedesktop ≫ Dbus Version1.2.1

Freedesktop ≫ Dbus Version1.2.3

Freedesktop ≫ Dbus Version1.2.4

Freedesktop ≫ Dbus Version1.2.6

Freedesktop ≫ Dbus Version1.2.8

Freedesktop ≫ Dbus Version1.2.10

Freedesktop ≫ Dbus Version1.2.12

Freedesktop ≫ Dbus Version1.2.14

Freedesktop ≫ Dbus Version1.2.16

Freedesktop ≫ Dbus Version1.2.18

Freedesktop ≫ Dbus Version1.2.20

Freedesktop ≫ Dbus Version1.2.22

Freedesktop ≫ Dbus Version1.2.24

Freedesktop ≫ Dbus Version1.2.26

Freedesktop ≫ Dbus Version1.2.28

Freedesktop ≫ Dbus Version1.2.30

Freedesktop ≫ Dbus Version1.3.0

Freedesktop ≫ Dbus Version1.3.1

Freedesktop ≫ Dbus Version1.4.0

Freedesktop ≫ Dbus Version1.4.1

Freedesktop ≫ Dbus Version1.4.4

Freedesktop ≫ Dbus Version1.4.6

Freedesktop ≫ Dbus Version1.4.8

Freedesktop ≫ Dbus Version1.4.10

Freedesktop ≫ Dbus Version1.4.12

Freedesktop ≫ Dbus Version1.4.14

Freedesktop ≫ Dbus Version1.4.16

Freedesktop ≫ Dbus Version1.4.18

Freedesktop ≫ Dbus Version1.4.20

Freedesktop ≫ Dbus Version1.4.22

Freedesktop ≫ Dbus Version1.4.24

Freedesktop ≫ Dbus Version1.4.26

Freedesktop ≫ Dbus Version1.6.0

Freedesktop ≫ Dbus Version1.6.2

Freedesktop ≫ Dbus Version1.6.4

Freedesktop ≫ Dbus Version1.6.6

Freedesktop ≫ Dbus Version1.6.8

Freedesktop ≫ Dbus Version1.6.10

Freedesktop ≫ Dbus Version1.6.12

Freedesktop ≫ Dbus Version1.6.14

Freedesktop ≫ Dbus Version1.6.16

Freedesktop ≫ Dbus Version1.6.18

Freedesktop ≫ Dbus Version1.8.0

Freedesktop ≫ Dbus Version1.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.254

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	4	2.5	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

http://advisories.mageia.org/MGASA-2014-0266.html

http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567

Patch

http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html

http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html

http://seclists.org/oss-sec/2014/q2/509

Patch

http://secunia.com/advisories/59428

http://secunia.com/advisories/59611

http://secunia.com/advisories/59798

http://www.debian.org/security/2014/dsa-2971

http://www.mandriva.com/security/advisories?name=MDVSA-2015:176

http://www.securityfocus.com/bid/67986

https://bugs.freedesktop.org/show_bug.cgi?id=78979

https://nvd.nist.gov/vuln/detail/CVE-2014-3477

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3477

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3477

EUVD