Vulnerability in Freedesktop Dbus
CVE-2014-7824
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NO…
EPSS: 0.001 (26.1th percentile) — read the EPSS interpretation.
Affected products
- Freedesktop Dbus — versions 1.6.0, 1.6.2, 1.6.4
- Mageia_project Mageia — versions 3, 4
- Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
- Debian Debian_linux — versions 7.0, 8.0
- N/a — versions n/a
Weakness classification (CWE)
References
- [oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636 (mailing-list, x_refsource_MLIST, Exploit)
- 62603 (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit)
- dbus-cve20147824-dos(98576) (vdb-entry, x_refsource_XF)
- 71012 (vdb-entry, x_refsource_BID)
- USN-2425-1 (x_refsource_UBUNTU, vendor-advisory)
- DSA-3099 (vendor-advisory, x_refsource_DEBIAN)
- MDVSA-2015:176 (vendor-advisory, x_refsource_MANDRIVA)