Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2014-7824

Published: 18/11/2014 Updated: 27/12/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Freedesktop

Vulnerability Summary

D-Bus 1.3.0 up to and including 1.6.x prior to 1.6.26, 1.8.x prior to 1.8.10, and 1.9.x prior to 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freedesktop dbus 1.6.4

freedesktop dbus 1.6.0

freedesktop dbus 1.6.24

freedesktop dbus 1.8.0

freedesktop dbus 1.9.0

freedesktop dbus 1.6.20

freedesktop dbus 1.6.10

freedesktop dbus 1.6.12

freedesktop dbus 1.6.16

freedesktop dbus 1.6.8

freedesktop dbus 1.6.14

freedesktop dbus 1.6.6

freedesktop dbus 1.6.22

freedesktop dbus 1.8.6

freedesktop dbus 1.6.18

freedesktop dbus 1.8.8

freedesktop dbus 1.8.4

freedesktop dbus 1.8.2

freedesktop dbus 1.6.2

debian debian linux 8.0

debian debian linux 7.0

mageia project mageia 4

mageia project mageia 3

canonical ubuntu linux 12.04

canonical ubuntu linux 14.10

canonical ubuntu linux 14.04

Vendor Advisories

Ubuntu Security Notice: dbus vulnerability
DBus could be made to stop responding under certain conditions ...
Debian Security Advisories: DSA-3099-1 dbus -- security update
Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count In addition, this update reverts the auth_timeout change in the previous security update to its o ...
Red Hat: CVE-2014-7824
D-Bus 130 through 16x before 1626, 18x before 1810, and 19x before 192 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-36361 ...

References

CWE-399http://www.securityfocus.com/bid/71012https://bugs.freedesktop.org/show_bug.cgi?id=85105http://www.openwall.com/lists/oss-security/2014/11/10/2http://www.ubuntu.com/usn/USN-2425-1http://secunia.com/advisories/62603http://www.debian.org/security/2014/dsa-3099http://www.mandriva.com/security/advisories?name=MDVSA-2015:176http://advisories.mageia.org/MGASA-2014-0457.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/98576https://usn.ubuntu.com/2425-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-7824
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook