D-Bus Denial of Service (CVE-2014-3637)
Release date:
Updated on:
Affected Systems:
D-Bus 1.8.x
Description:
Bugtraq id: 69829
CVE (CAN) ID: CVE-2014-3637
D-Bus is an asynchronous inter-process communication system. It is mainly used for system services or desktop sessions on Linux and other operating systems.
A Denial-of-Service vulnerability exists in implementation in versions earlier than D-Bus 1.8.8. The D-Bus connection of the hacker program created by a malicious local user cannot be interrupted by killing a specific process, which can cause DOS.
<* Source: Alban Crequy
*>
Suggestion:
Vendor patch:
D-Bus
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.freedesktop.org/wiki/Software/dbus/
Refer:
Https://www.debian.org/security/2014/dsa-3026
This article permanently updates the link address: