Main Vulnerability Database SB2015011203

SB2015011203 - Resource management error in dbus (Alpine package)

Published: January 12, 2015

Security Bulletin ID SB2015011203

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2014-7824)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=f947fc989a6cb4cdfdcd604b45c11c30c59704d1
https://git.alpinelinux.org/aports/commit/?id=1d67f16a00fe82e0f400e55290ce1fef66c8199f
https://git.alpinelinux.org/aports/commit/?id=1ff989c299cfc585cf70cce7e48649a200ea9df8