Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 16 Dec 2010 16:45:15 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>,
        Colin Walters <walters@...hat.com>
Subject: CVE Request -- D-BUS -- Stack frame overflow by validating message
 with excessive number of nested variants

Hello Josh, Steve, vendors,

   a stack frame overflow flaw was found in the way the D-BUS message
bus service / messaging facility validated messages with
excessive number of nested variants. A local, authenticated
user could use this flaw to cause dbus daemon to crash
due to a stack frame overflow (denial of service) via a
specially-crafted message sent to the system bus.

References:
[1] http://www.remlab.net/op/dbus-variant-recursion.shtml

Upstream bug report:
[2] https://bugs.freedesktop.org/show_bug.cgi?id=32321
     (not public at the moment yet)

Credit:
Rémi Denis-Courmont

Note: As noted in [1] this issue may also cause malfunction
       of some other daemons depending on d-bus. Some examples
       (from /var/log/messages on the affected host):

       Dec 16 09:49:03 hostname avahi-daemon[30120]: Disconnected from D-Bus, exiting.
       Dec 16 09:49:03 hostname avahi-daemon[30120]: Got SIGQUIT, quitting.
       Dec 16 09:49:03 hostname NetworkManager[982]: <warn> disconnected by the system bus.
       Dec 16 09:49:03 hostname NetworkManager[982]: no sender
       Dec 16 09:49:03 hostname init: Disconnected from system bus

Could you allocate a CVE id for this issue?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ