4

CVE-2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
D-bus ProjectD-bus Version1.2.4.2
D-bus ProjectD-bus Version1.2.4.4
D-bus ProjectD-bus Version1.2.4.6
FreedesktopDbus Version1.2.1
FreedesktopDbus Version1.2.3
FreedesktopDbus Version1.2.4
FreedesktopDbus Version1.2.6
FreedesktopDbus Version1.2.8
FreedesktopDbus Version1.2.10
FreedesktopDbus Version1.2.12
FreedesktopDbus Version1.2.14
FreedesktopDbus Version1.2.16
FreedesktopDbus Version1.2.18
FreedesktopDbus Version1.2.20
FreedesktopDbus Version1.2.22
FreedesktopDbus Version1.2.24
FreedesktopDbus Version1.2.26
FreedesktopDbus Version1.2.28
FreedesktopDbus Version1.2.30
FreedesktopDbus Version1.3.0
FreedesktopDbus Version1.3.1
FreedesktopDbus Version1.4.0
FreedesktopDbus Version1.4.1
FreedesktopDbus Version1.4.4
FreedesktopDbus Version1.4.6
FreedesktopDbus Version1.4.8
FreedesktopDbus Version1.4.10
FreedesktopDbus Version1.4.12
FreedesktopDbus Version1.4.14
FreedesktopDbus Version1.4.16
FreedesktopDbus Version1.4.18
FreedesktopDbus Version1.4.20
FreedesktopDbus Version1.4.22
FreedesktopDbus Version1.4.24
FreedesktopDbus Version1.4.26
FreedesktopDbus Version1.6.0
FreedesktopDbus Version1.6.2
FreedesktopDbus Version1.6.4
FreedesktopDbus Version1.6.6
FreedesktopDbus Version1.6.8
FreedesktopDbus Version1.6.10
FreedesktopDbus Version1.6.12
FreedesktopDbus Version1.6.14
FreedesktopDbus Version1.6.16
FreedesktopDbus Version1.6.18
FreedesktopDbus Version1.8.0
FreedesktopDbus Version1.8.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.353
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 4 2.5 1.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://advisories.mageia.org/MGASA-2014-0266.html
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
Patch
http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html
http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html
http://seclists.org/oss-sec/2014/q2/509
Patch
http://secunia.com/advisories/59428
http://secunia.com/advisories/59611
http://secunia.com/advisories/59798
http://www.debian.org/security/2014/dsa-2971
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.securityfocus.com/bid/67986
https://bugs.freedesktop.org/show_bug.cgi?id=78979