Lucene search

[email protected]NVD:CVE-2014-3477

HistoryJul 01, 2014 - 5:55 p.m.

CVE-2014-3477

2014-07-0117:55:04

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.5

Confidence

High

EPSS

Percentile

10.1%

JSON

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Affected configurations

Nvd

Node

d-bus_projectd-busMatch1.2.4.2

d-bus_projectd-busMatch1.2.4.4

d-bus_projectd-busMatch1.2.4.6

freedesktopdbusMatch1.2.1

freedesktopdbusMatch1.2.3

freedesktopdbusMatch1.2.4

freedesktopdbusMatch1.2.6

freedesktopdbusMatch1.2.8

freedesktopdbusMatch1.2.10

freedesktopdbusMatch1.2.12

freedesktopdbusMatch1.2.14

freedesktopdbusMatch1.2.16

freedesktopdbusMatch1.2.18

freedesktopdbusMatch1.2.20

freedesktopdbusMatch1.2.22

freedesktopdbusMatch1.2.24

freedesktopdbusMatch1.2.26

freedesktopdbusMatch1.2.28

freedesktopdbusMatch1.2.30

freedesktopdbusMatch1.3.0

freedesktopdbusMatch1.3.1

freedesktopdbusMatch1.4.0

freedesktopdbusMatch1.4.1

freedesktopdbusMatch1.4.4

freedesktopdbusMatch1.4.6

freedesktopdbusMatch1.4.8

freedesktopdbusMatch1.4.10

freedesktopdbusMatch1.4.12

freedesktopdbusMatch1.4.14

freedesktopdbusMatch1.4.16

freedesktopdbusMatch1.4.18

freedesktopdbusMatch1.4.20

freedesktopdbusMatch1.4.22

freedesktopdbusMatch1.4.24

freedesktopdbusMatch1.4.26

freedesktopdbusMatch1.6.0

freedesktopdbusMatch1.6.2

freedesktopdbusMatch1.6.4

freedesktopdbusMatch1.6.6

freedesktopdbusMatch1.6.8

freedesktopdbusMatch1.6.10

freedesktopdbusMatch1.6.12

freedesktopdbusMatch1.6.14

freedesktopdbusMatch1.6.16

freedesktopdbusMatch1.6.18

freedesktopdbusMatch1.8.0

freedesktopdbusMatch1.8.2

VendorProductVersionCPE
d-bus_projectd-bus1.2.4.2cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:*
d-bus_projectd-bus1.2.4.4cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:*
d-bus_projectd-bus1.2.4.6cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:*
freedesktopdbus1.2.1cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*
freedesktopdbus1.2.3cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*
freedesktopdbus1.2.4cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*
freedesktopdbus1.2.6cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*
freedesktopdbus1.2.8cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*
freedesktopdbus1.2.10cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*
freedesktopdbus1.2.12cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
d-bus_project	d-bus	1.2.4.2	cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:::::::*
d-bus_project	d-bus	1.2.4.4	cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:::::::*
d-bus_project	d-bus	1.2.4.6	cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:::::::*
freedesktop	dbus	1.2.1	cpe:2.3:a:freedesktop:dbus:1.2.1:::::::*
freedesktop	dbus	1.2.3	cpe:2.3:a:freedesktop:dbus:1.2.3:::::::*
freedesktop	dbus	1.2.4	cpe:2.3:a:freedesktop:dbus:1.2.4:::::::*
freedesktop	dbus	1.2.6	cpe:2.3:a:freedesktop:dbus:1.2.6:::::::*
freedesktop	dbus	1.2.8	cpe:2.3:a:freedesktop:dbus:1.2.8:::::::*
freedesktop	dbus	1.2.10	cpe:2.3:a:freedesktop:dbus:1.2.10:::::::*
freedesktop	dbus	1.2.12	cpe:2.3:a:freedesktop:dbus:1.2.12:::::::*