Lucene search

[email protected]CVE-2014-3477

HistoryJul 01, 2014 - 5:55 p.m.

CVE-2014-3477

2014-07-0117:55:04

[email protected]

web.nvd.nist.gov

cve-2014-3477

d-bus

dbus-daemon

accessdenied error

denial of service

side-channel attack

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Affected configurations

NVD

Node

d-bus_projectd-busMatch1.2.4.2

d-bus_projectd-busMatch1.2.4.4

d-bus_projectd-busMatch1.2.4.6

freedesktopdbusMatch1.2.1

freedesktopdbusMatch1.2.3

freedesktopdbusMatch1.2.4

freedesktopdbusMatch1.2.6

freedesktopdbusMatch1.2.8

freedesktopdbusMatch1.2.10

freedesktopdbusMatch1.2.12

freedesktopdbusMatch1.2.14

freedesktopdbusMatch1.2.16

freedesktopdbusMatch1.2.18

freedesktopdbusMatch1.2.20

freedesktopdbusMatch1.2.22

freedesktopdbusMatch1.2.24

freedesktopdbusMatch1.2.26

freedesktopdbusMatch1.2.28

freedesktopdbusMatch1.2.30

freedesktopdbusMatch1.3.0

freedesktopdbusMatch1.3.1

freedesktopdbusMatch1.4.0

freedesktopdbusMatch1.4.1

freedesktopdbusMatch1.4.4

freedesktopdbusMatch1.4.6

freedesktopdbusMatch1.4.8

freedesktopdbusMatch1.4.10

freedesktopdbusMatch1.4.12

freedesktopdbusMatch1.4.14

freedesktopdbusMatch1.4.16

freedesktopdbusMatch1.4.18

freedesktopdbusMatch1.4.20

freedesktopdbusMatch1.4.22

freedesktopdbusMatch1.4.24

freedesktopdbusMatch1.4.26

freedesktopdbusMatch1.6.0

freedesktopdbusMatch1.6.2

freedesktopdbusMatch1.6.4

freedesktopdbusMatch1.6.6

freedesktopdbusMatch1.6.8

freedesktopdbusMatch1.6.10

freedesktopdbusMatch1.6.12

freedesktopdbusMatch1.6.14

freedesktopdbusMatch1.6.16

freedesktopdbusMatch1.6.18

freedesktopdbusMatch1.8.0

freedesktopdbusMatch1.8.2

CPENameOperatorVersion
d-bus_project:d-busd-bus project d-buseq1.2.4.2
d-bus_project:d-busd-bus project d-buseq1.2.4.4
d-bus_project:d-busd-bus project d-buseq1.2.4.6
freedesktop:dbusfreedesktop dbuseq1.2.1
freedesktop:dbusfreedesktop dbuseq1.2.3
freedesktop:dbusfreedesktop dbuseq1.2.4
freedesktop:dbusfreedesktop dbuseq1.2.6
freedesktop:dbusfreedesktop dbuseq1.2.8
freedesktop:dbusfreedesktop dbuseq1.2.10
freedesktop:dbusfreedesktop dbuseq1.2.12

CPE	Name	Operator	Version
d-bus_project:d-bus	d-bus project d-bus	eq	1.2.4.2
d-bus_project:d-bus	d-bus project d-bus	eq	1.2.4.4
d-bus_project:d-bus	d-bus project d-bus	eq	1.2.4.6
freedesktop:dbus	freedesktop dbus	eq	1.2.1
freedesktop:dbus	freedesktop dbus	eq	1.2.3
freedesktop:dbus	freedesktop dbus	eq	1.2.4
freedesktop:dbus	freedesktop dbus	eq	1.2.6
freedesktop:dbus	freedesktop dbus	eq	1.2.8
freedesktop:dbus	freedesktop dbus	eq	1.2.10
freedesktop:dbus	freedesktop dbus	eq	1.2.12