Back to search
CVE-2014-3477
Published: Jul 1, 2014
Modified: Jan 16, 2025
PUBLISHED
Description
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
59798
third-party-advisory
x_refsource_SECUNIA
59611
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2014:1239
vendor-advisory
x_refsource_SUSE
67986
vdb-entry
x_refsource_BID
openSUSE-SU-2014:0874
vendor-advisory
x_refsource_SUSE
[oss-security] 20140610 CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon
mailing-list
x_refsource_MLIST
openSUSE-SU-2014:0821
vendor-advisory
x_refsource_SUSE
http://advisories.mageia.org/MGASA-2014-0266.html
x_refsource_CONFIRM
59428
third-party-advisory
x_refsource_SECUNIA
https://bugs.freedesktop.org/show_bug.cgi?id=78979
x_refsource_CONFIRM
DSA-2971
vendor-advisory
x_refsource_DEBIAN
MDVSA-2015:176
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now