Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants

[Josh Bressers <bressers () redhat com>]

Please use CVE-2010-4352

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

> Hello Josh, Steve, vendors,
>
>    a stack frame overflow flaw was found in the way the D-BUS message
> bus service / messaging facility validated messages with
> excessive number of nested variants. A local, authenticated
> user could use this flaw to cause dbus daemon to crash
> due to a stack frame overflow (denial of service) via a
> specially-crafted message sent to the system bus.
>
> References:
> [1] http://www.remlab.net/op/dbus-variant-recursion.shtml
>
> Upstream bug report:
> [2] https://bugs.freedesktop.org/show_bug.cgi?id=32321
>      (not public at the moment yet)
>
> Credit:
> Rémi Denis-Courmont
>
> Note: As noted in [1] this issue may also cause malfunction
>        of some other daemons depending on d-bus. Some examples
>        (from /var/log/messages on the affected host):
>
>        Dec 16 09:49:03 hostname avahi-daemon[30120]: Disconnected from
> D-Bus, exiting.
>        Dec 16 09:49:03 hostname avahi-daemon[30120]: Got SIGQUIT,
> quitting.
>        Dec 16 09:49:03 hostname NetworkManager[982]: <warn>
> disconnected by the system bus.
>        Dec 16 09:49:03 hostname NetworkManager[982]: no sender
>        Dec 16 09:49:03 hostname init: Disconnected from system bus
>
> Could you allocate a CVE id for this issue?
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team