Lucene search

FreeBSDC1930F45-6982-11E4-80E1-BCAEC565249C

HistoryNov 10, 2014 - 12:00 a.m.

dbus -- incomplete fix for CVE-2014-3636 part A

2014-11-1000:00:00

vuxml.freebsd.org

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Simon McVittie reports:

The patch issued by the D-Bus maintainers for CVE-2014-3636
was based on incorrect reasoning, and does not fully prevent
the attack described as “CVE-2014-3636 part A”, which is
repeated below. Preventing that attack requires raising the
system dbus-daemon’s RLIMIT_NOFILE (ulimit -n) to a higher
value. CVE-2014-7824 has been allocated for this
vulnerability.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdbus< 1.8.10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	dbus	< 1.8.10	UNKNOWN

References

lists.freedesktop.org/archives/dbus/2014-November/016395.html

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for C1930F45-6982-11E4-80E1-BCAEC565249C