oss-sec mailing list archives
Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 21 Dec 2010 11:03:36 +0100
Hello vendors, just FYI, particular bugzilla entry now opened: [1] https://bugs.freedesktop.org/show_bug.cgi?id=32321 Issue fixed in dbus-v1.4.1 release: [2] https://bugs.freedesktop.org/show_bug.cgi?id=32321#c12 And relevant changeset (from c#13): [3] http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4 Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team > Please use CVE-2010-4352 > > Thanks. -- JB ----- "Jan Lieskovsky" <jlieskov () redhat com> wrote: > > Hello Josh, Steve, vendors, > > > > a stack frame overflow flaw was found in the way the D-BUS message > > bus service / messaging facility validated messages with > > excessive number of nested variants. A local, authenticated > > user could use this flaw to cause dbus daemon to crash > > due to a stack frame overflow (denial of service) via a > > specially-crafted message sent to the system bus. > > > > References: > > [1] http://www.remlab.net/op/dbus-variant-recursion.shtml > > > > Upstream bug report: > > [2] https://bugs.freedesktop.org/show_bug.cgi?id=32321 > > (not public at the moment yet) > > > > Credit: > > RĂ©mi Denis-Courmont > > > > Note: As noted in [1] this issue may also cause malfunction > > of some other daemons depending on d-bus. Some examples > > (from /var/log/messages on the affected host): > > > > Dec 16 09:49:03 hostname avahi-daemon[30120]: Disconnected from > > D-Bus, exiting. > > Dec 16 09:49:03 hostname avahi-daemon[30120]: Got SIGQUIT, > > quitting. > > Dec 16 09:49:03 hostname NetworkManager[982]: <warn> > > disconnected by the system bus. > > Dec 16 09:49:03 hostname NetworkManager[982]: no sender > > Dec 16 09:49:03 hostname init: Disconnected from system bus > > > > Could you allocate a CVE id for this issue? > > > > Thanks && Regards, Jan. > > -- > > Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Jan Lieskovsky (Dec 16)
- Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Josh Bressers (Dec 16)
- <Possible follow-ups>
- Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Jan Lieskovsky (Dec 21)