CVE-2014-3636

Published: 25/10/2014 Updated: 27/12/2023
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

D-Bus 1.3.0 up to and including 1.6.x prior to 1.6.24 and 1.8.x prior to 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

Vulnerable Product

d-bus project d-bus

freedesktop dbus 1.8.0

freedesktop dbus 1.8.6

freedesktop dbus 1.8.4

freedesktop dbus 1.8.2

opensuse opensuse 12.3

Vendor Advisories

Several security issues were fixed in DBus ...
Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the auth_timeout change in the previous security update to its o ...
Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon. CVE-2014-3635: On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution. CVE-2014-3636: A denial-of-service vulnerab ...
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descrip ...