![]() |
|
Date: Thu, 16 Dec 2010 16:45:15 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com>, Colin Walters <walters@...hat.com> Subject: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Hello Josh, Steve, vendors, a stack frame overflow flaw was found in the way the D-BUS message bus service / messaging facility validated messages with excessive number of nested variants. A local, authenticated user could use this flaw to cause dbus daemon to crash due to a stack frame overflow (denial of service) via a specially-crafted message sent to the system bus. References: [1] http://www.remlab.net/op/dbus-variant-recursion.shtml Upstream bug report: [2] https://bugs.freedesktop.org/show_bug.cgi?id=32321 (not public at the moment yet) Credit: Rémi Denis-Courmont Note: As noted in [1] this issue may also cause malfunction of some other daemons depending on d-bus. Some examples (from /var/log/messages on the affected host): Dec 16 09:49:03 hostname avahi-daemon[30120]: Disconnected from D-Bus, exiting. Dec 16 09:49:03 hostname avahi-daemon[30120]: Got SIGQUIT, quitting. Dec 16 09:49:03 hostname NetworkManager[982]: <warn> disconnected by the system bus. Dec 16 09:49:03 hostname NetworkManager[982]: no sender Dec 16 09:49:03 hostname init: Disconnected from system bus Could you allocate a CVE id for this issue? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.