Lucene search
942 matches found

UbuntuCve
added 2014/09/17 12:0 a.m., 33 views

CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have...

CVSS 1.9, AI score 6.7, EPSS 0.00528
Exploits: 0, References: 3
OSV
added 2014/09/17 12:0 a.m., 0 views

UBUNTU-CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have...

CVSS 1.9, AI score 6.6, EPSS 0.00528
Exploits: 0, References: 4
FreeBSD
added 2014/09/16 12:0 a.m., 57 views

dbus -- multiple vulnerabilities

Simon McVittie reports: Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun (CVE-2014-3635). Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...

CVSS 4.4, AI score 6.2, EPSS 0.00528
Exploits: 0, References: 1
Tenable Nessus
added 2014/07/22 12:0 a.m., 23 views

RHEL 5 : Red Hat Enterprise MRG Messaging 2.2 update (Moderate) (RHSA-2012:1277)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1277 advisory. - qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS (CVE-2012-2145) - qpid-cpp-server-cluster: unauthoriz...

CVSS 5, AI score 5.6, EPSS 0.06394
Exploits: 1, References: 12
Tenable Nessus
added 2014/07/09 12:0 a.m., 35 views

Ubuntu 14.04 LTS : DBus vulnerabilities (USN-2275-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2275-1 advisory. Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local us...

CVSS 4, AI score 5.6, EPSS 0.00446
Exploits: 0, References: 4
FreeBSD
added 2014/07/02 12:0 a.m., 24 views

dbus -- multiple vulnerabilities

Simon McVittie reports: Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's support for file descriptor passing. A malicious process could force system services or user applications to be disconnected from the D-Bus system bus by sending them a message containing a file descriptor,...

CVSS 2.1, AI score 5.8, EPSS 0.00446
Exploits: 0, References: 1
seebug.org
added 2014/07/01 12:0 a.m., 30 views

ISC BIND <= 8.2.2, IRIX <= 6.5.17, Solaris 7.0 (NXT Overflow & Denial of Service) Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/788/info There are several vulnerabilities in recent BIND packages pre 8.2.2. The first is a buffer overflow condition which is a result of BIND improperly validating NXT records. The consequence of this being exploited i...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 19 views

WMMon 1.0 b2 Memory Character File Open File Descriptor Read Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5718/info It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

WMNet2 1.0 6 Kernel Memory File Descriptor Leakage Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5719/info It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file...

AI score 7.1
Exploits: 0
Mageia
added 2014/06/20 7:48 p.m., 15 views

Updated pdns & pdns-recursor packages fix a denial of service vulnerability

Updated pdns and pdns-recursor packages fix security vulnerability: PowerDNS recursor is vulnerable to a denial of service due to a bug that causes it to exhaust the maximum number of file descriptors that are available to a process. The pdns and pdns-recursor packages have been patched to fix th...

AI score 3.5
Exploits: 0, References: 3
Mageia
added 2014/06/20 7:41 p.m., 38 views

Updated sendmail packages fix CVE-2014-3956

Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly close file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmail...

CVSS 1.9, AI score 6.4, EPSS 0.0063
Exploits: 0, References: 2
OSV
added 2014/06/20 7:41 p.m., 6 views

MGASA-2014-0270 Updated sendmail packages fix CVE-2014-3956

Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly close file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmail...

CVSS 1.9, AI score 6.3, EPSS 0.0063
Exploits: 0, References: 3
Tenable Nessus
added 2014/06/18 12:0 a.m., 21 views

openSUSE Security Update : sendmail (openSUSE-SU-2014:0804-1)

sendmail was updated to properly close file descriptors before executing programs. These security issues were fixed: - Not properly closing file descriptors before executing programs (CVE-2014-3956). (C) Tenable Network Security, Inc. The descriptive text and package checks in th...

CVSS 1.9, AI score 5.3, EPSS 0.0063
Exploits: 0, References: 3
securityvulns
added 2014/06/14 12:0 a.m., 44 views

[oss-security] CVE request: PowerDNS in default configuration is vulnerable to DoS attack

It was found [1] that in default configuration PowerDNS is allowed to consume more file descriptors than is available for a default installation of many Linux distributions. Default configuration is: 2 threads / 2048 max-mthreads, which leads to a theoretical FD consumption of 4096. Default FD limi...

AI score 0.5
Exploits: 0
Slackware Linux
added 2014/06/06 5:27 a.m., 27 views

[slackware-security] sendmail

New sendmail packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/sendmail-8.14.9-i486-1slack14.1.txz: Upgraded. This release fixes one security related bug by properly...

CVSS 1.9, AI score 6.3, EPSS 0.0063
Exploits: 0
NVD
added 2014/06/04 11:19 a.m., 17 views

CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program...

CVSS 1.9, AI score 5.8, EPSS 0.0063
Exploits: 0, References: 17
Prion
added 2014/06/04 11:19 a.m., 24 views

Code injection

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program...

CVSS 1.9, AI score 6.5, EPSS 0.0063
Exploits: 0, References: 17, Affected Software: 4
UbuntuCve
added 2014/06/04 11:19 a.m., 25 views

CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program...

CVSS 1.9, AI score 5.9, EPSS 0.0063
Exploits: 0, References: 3
CVE
added 2014/06/04 10:0 a.m., 287 views

CVE-2014-3956

CVE-2014-3956 affects sendmail up to version 8.14.9, where the sm_close_on_exec function in conf.c has its arguments in the wrong order, causing FD_CLOEXEC flags not to be set. This can allow local users to access unintended high-numbered file descriptors via a custom mail-delivery program. The c...

CVSS 1.9, AI score 5.9, EPSS 0.0063
Exploits: 0, References: 17, Affected Software: 1
Cvelist
added 2014/06/04 10:0 a.m., 20 views

CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program...

AI score 5.8, EPSS 0.0063
Exploits: 0, References: 17