SB2014102210 - Resource management error in dbus (Alpine package)
Published: October 22, 2014
Security Bulletin ID
SB2014102210
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2014-3636)
The vulnerability allows a local non-authenticated attacker to perform service disruption.
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=256f4e7e9f920e61c9a0f213d108851dd6eee97c
- https://git.alpinelinux.org/aports/commit/?id=d02e78275a3bb690d9d8099bf31ff92e3a9e68fe
- https://git.alpinelinux.org/aports/commit/?id=805a5164875cd3f789db8929be1b6c9380f98d98
- https://git.alpinelinux.org/aports/commit/?id=c3b756f3144debef12e39f410d862ad4a3a4f3d1