[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: Re: [oss-security] CVE Request -- D-BUS -- Stack frame overflow
From: Jan Lieskovsky <jlieskov () redhat ! com>
Date: 2010-12-21 10:03:36
Message-ID: 4D107B78.3060709 () redhat ! com
[Download RAW message or body]
Hello vendors,
just FYI, particular bugzilla entry now opened:
[1] https://bugs.freedesktop.org/show_bug.cgi?id=32321
Issue fixed in dbus-v1.4.1 release:
[2] https://bugs.freedesktop.org/show_bug.cgi?id=32321#c12
And relevant changeset (from c#13):
[3] http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
> Please use CVE-2010-4352
>
> Thanks.
-- JB ----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
> > Hello Josh, Steve, vendors,
> >
> > a stack frame overflow flaw was found in the way the D-BUS message
> > bus service / messaging facility validated messages with
> > excessive number of nested variants. A local, authenticated
> > user could use this flaw to cause dbus daemon to crash
> > due to a stack frame overflow (denial of service) via a
> > specially-crafted message sent to the system bus.
> >
> > References:
> > [1] http://www.remlab.net/op/dbus-variant-recursion.shtml
> >
> > Upstream bug report:
> > [2] https://bugs.freedesktop.org/show_bug.cgi?id=32321
> > (not public at the moment yet)
> >
> > Credit:
> > Rémi Denis-Courmont
> >
> > Note: As noted in [1] this issue may also cause malfunction
> > of some other daemons depending on d-bus. Some examples
> > (from /var/log/messages on the affected host):
> >
> > Dec 16 09:49:03 hostname avahi-daemon[30120]: Disconnected from
> > D-Bus, exiting.
> > Dec 16 09:49:03 hostname avahi-daemon[30120]: Got SIGQUIT,
> > quitting.
> > Dec 16 09:49:03 hostname NetworkManager[982]: <warn>
> > disconnected by the system bus.
> > Dec 16 09:49:03 hostname NetworkManager[982]: no sender
> > Dec 16 09:49:03 hostname init: Disconnected from system bus
> >
> > Could you allocate a CVE id for this issue?
> >
> > Thanks && Regards, Jan.
> > --
> > Jan iankko Lieskovsky / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic