Date: Thu, 16 Dec 2010 16:45:15 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com>, Colin Walters <walters@...hat.com> Subject: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Hello Josh, Steve, vendors, a stack frame overflow flaw was found in the way the D-BUS message bus service / messaging facility validated messages with excessive number of nested variants. A local, authenticated user could use this flaw to cause dbus daemon to crash due to a stack frame overflow (denial of service) via a specially-crafted message sent to the system bus. References:  http://www.remlab.net/op/dbus-variant-recursion.shtml Upstream bug report:  https://bugs.freedesktop.org/show_bug.cgi?id=32321 (not public at the moment yet) Credit: Rémi Denis-Courmont Note: As noted in  this issue may also cause malfunction of some other daemons depending on d-bus. Some examples (from /var/log/messages on the affected host): Dec 16 09:49:03 hostname avahi-daemon: Disconnected from D-Bus, exiting. Dec 16 09:49:03 hostname avahi-daemon: Got SIGQUIT, quitting. Dec 16 09:49:03 hostname NetworkManager: <warn> disconnected by the system bus. Dec 16 09:49:03 hostname NetworkManager: no sender Dec 16 09:49:03 hostname init: Disconnected from system bus Could you allocate a CVE id for this issue? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ