CVE-2014-3477

EUVD-2014-3486
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
d-bus_projectd-bus
1.2.4.2
d-bus_projectd-bus
1.2.4.4
d-bus_projectd-bus
1.2.4.6
freedesktopdbus
1.2.1
freedesktopdbus
1.2.3
freedesktopdbus
1.2.4
freedesktopdbus
1.2.6
freedesktopdbus
1.2.8
freedesktopdbus
1.2.10
freedesktopdbus
1.2.12
freedesktopdbus
1.2.14
freedesktopdbus
1.2.16
freedesktopdbus
1.2.18
freedesktopdbus
1.2.20
freedesktopdbus
1.2.22
freedesktopdbus
1.2.24
freedesktopdbus
1.2.26
freedesktopdbus
1.2.28
freedesktopdbus
1.2.30
freedesktopdbus
1.3.0
freedesktopdbus
1.3.1
freedesktopdbus
1.4.0
freedesktopdbus
1.4.1
freedesktopdbus
1.4.4
freedesktopdbus
1.4.6
freedesktopdbus
1.4.8
freedesktopdbus
1.4.10
freedesktopdbus
1.4.12
freedesktopdbus
1.4.14
freedesktopdbus
1.4.16
freedesktopdbus
1.4.18
freedesktopdbus
1.4.20
freedesktopdbus
1.4.22
freedesktopdbus
1.4.24
freedesktopdbus
1.4.26
freedesktopdbus
1.6.0
freedesktopdbus
1.6.2
freedesktopdbus
1.6.4
freedesktopdbus
1.6.6
freedesktopdbus
1.6.8
freedesktopdbus
1.6.10
freedesktopdbus
1.6.12
freedesktopdbus
1.6.14
freedesktopdbus
1.6.16
freedesktopdbus
1.6.18
freedesktopdbus
1.8.0
freedesktopdbus
1.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dbus
bookworm
1.14.10-1~deb12u1
fixed
bullseye
1.12.28-0+deb11u1
fixed
bullseye (security)
1.12.24-0+deb11u1
fixed
sid
1.14.10-6
fixed
squeeze
no-dsa
trixie
1.14.10-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dbus
lucid
ignored
precise
Fixed 1.4.18-1ubuntu1.5
released
saucy
Fixed 1.6.12-0ubuntu10.1
released
trusty
Fixed 1.6.18-0ubuntu4.1
released
References
http://advisories.mageia.org/MGASA-2014-0266.html
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html
http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://seclists.org/oss-sec/2014/q2/509
http://secunia.com/advisories/59428
http://secunia.com/advisories/59611
http://secunia.com/advisories/59798
http://www.debian.org/security/2014/dsa-2971
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.securityfocus.com/bid/67986
https://bugs.freedesktop.org/show_bug.cgi?id=78979
http://advisories.mageia.org/MGASA-2014-0266.html
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html
http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://seclists.org/oss-sec/2014/q2/509
http://secunia.com/advisories/59428
http://secunia.com/advisories/59611
http://secunia.com/advisories/59798
http://www.debian.org/security/2014/dsa-2971
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.securityfocus.com/bid/67986
https://bugs.freedesktop.org/show_bug.cgi?id=78979