Lucene search

PRIOn knowledge basePRION:CVE-2014-3636

HistoryOct 25, 2014 - 8:55 p.m.

Code injection

2014-10-2520:55:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

CPENameOperatorVersion
d-busle1.6.22
dbuseq1.8.0
dbuseq1.8.6
dbuseq1.8.4
dbuseq1.8.2
opensuseeq12.3

Name	Operator	Version
d-bus	le	1.6.22
dbus	eq	1.8.0
dbus	eq	1.8.6
dbus	eq	1.8.4
dbus	eq	1.8.2
opensuse	eq	12.3

References

advisories.mageia.org/MGASA-2014-0395.html

lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

secunia.com/advisories/61378

www.debian.org/security/2014/dsa-3026

www.mandriva.com/security/advisories?name=MDVSA-2015:176

www.openwall.com/lists/oss-security/2014/09/16/9

www.securitytracker.com/id/1030864

www.ubuntu.com/usn/USN-2352-1

bugs.freedesktop.org/show_bug.cgi?id=82820

6.4 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2014-3636