CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
5.1%
The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as “CVE-2014-3636 part A”, which is repeated below. Preventing that attack requires raising the system dbus-daemon’s RLIMIT_NOFILE (ulimit -n) to a higher value. By queuing up the maximum allowed number of fds, a malicious sender could reach the system dbus-daemon’s RLIMIT_NOFILE (ulimit -n, typically 1024 on Linux). This would act as a denial of service in two ways: * new clients would be unable to connect to the dbus-daemon * when receiving a subsequent message from a non-malicious client that contained a fd, dbus-daemon would receive the MSG_CTRUNC flag, indicating that the list of fds was truncated; kernel fd-passing APIs do not provide any way to recover from that, so dbus-daemon responds to MSG_CTRUNC by disconnecting the sender, causing denial of service to that sender. This update resolves the issue (CVE-2014-7824). Also default auth_timeout that was changed from 30s to 5s in MGASA-2014-0395, and raised to 20s in MGAA-2014-0182 is now changed back to 30s as there still are reports about failing dbus connections.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | dbus | < 1.6.8-4.8 | dbus-1.6.8-4.8.mga3 |
Mageia | 4 | noarch | dbus | < 1.6.18-1.8 | dbus-1.6.18-1.8.mga4 |