Date: Thu, 16 Dec 2010 15:49:37 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: Colin Walters <walters@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Please use CVE-2010-4352 Thanks. -- JB ----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote: > Hello Josh, Steve, vendors, > > a stack frame overflow flaw was found in the way the D-BUS message > bus service / messaging facility validated messages with > excessive number of nested variants. A local, authenticated > user could use this flaw to cause dbus daemon to crash > due to a stack frame overflow (denial of service) via a > specially-crafted message sent to the system bus. > > References: >  http://www.remlab.net/op/dbus-variant-recursion.shtml > > Upstream bug report: >  https://bugs.freedesktop.org/show_bug.cgi?id=32321 > (not public at the moment yet) > > Credit: > Rémi Denis-Courmont > > Note: As noted in  this issue may also cause malfunction > of some other daemons depending on d-bus. Some examples > (from /var/log/messages on the affected host): > > Dec 16 09:49:03 hostname avahi-daemon: Disconnected from > D-Bus, exiting. > Dec 16 09:49:03 hostname avahi-daemon: Got SIGQUIT, > quitting. > Dec 16 09:49:03 hostname NetworkManager: <warn> > disconnected by the system bus. > Dec 16 09:49:03 hostname NetworkManager: no sender > Dec 16 09:49:03 hostname init: Disconnected from system bus > > Could you allocate a CVE id for this issue? > > Thanks && Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ