Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Related bugs and status

CVE-2014-3477 (Candidate) is related to these bugs:

Bug #1320422: Please merge dbus 1.8.6-1 (main) from Debian testing (main)

Summary				In	Importance	Status
	1320422	Please merge dbus 1.8.6-1 (main) from Debian testing (main)		dbus (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014061...
CONFIRM: https://bugs.freedeskt...
BID: 67986
DEBIAN: DSA-2971
SUSE: openSUSE-SU-2014:0821
SUSE: openSUSE-SU-2014:0874
SECUNIA: 59611
SECUNIA: 59428
SECUNIA: 59798
SUSE: openSUSE-SU-2014:1239
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:176
CONFIRM: http://cgit.freedeskto...