The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
D-bus Project
  • D-bus
Freedesktop
  • Dbus

Configuration 1 [-]

OR cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.28:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.2.30:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*

No data.

References
Link Providers
http://advisories.mageia.org/MGASA-2014-0266.html cve-icon cve-icon
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567 cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html cve-icon cve-icon
http://seclists.org/oss-sec/2014/q2/509 cve-icon cve-icon
http://secunia.com/advisories/59428 cve-icon cve-icon
http://secunia.com/advisories/59611 cve-icon cve-icon
http://secunia.com/advisories/59798 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-2971 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 cve-icon cve-icon
http://www.securityfocus.com/bid/67986 cve-icon cve-icon
https://bugs.freedesktop.org/show_bug.cgi?id=78979 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-3477 cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-3477 cve-icon
History

Thu, 16 Jan 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-01-16T20:11:35.974Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3477

cve-icon Vulnrichment

Updated: 2024-08-06T10:43:06.078Z

cve-icon NVD

Status : Modified

Published: 2014-07-01T17:55:04.277

Modified: 2025-01-16T21:15:12.840

Link: CVE-2014-3477

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-06-10T00:00:00Z

Links: CVE-2014-3477 - Bugzilla