Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 21 Dec 2010 11:03:36 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
CC: Colin Walters <walters@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: Re: CVE Request -- D-BUS -- Stack frame overflow
 by validating message with excessive number of nested variants

Hello vendors,

   just FYI, particular bugzilla entry now opened:
   [1] https://bugs.freedesktop.org/show_bug.cgi?id=32321

   Issue fixed in dbus-v1.4.1 release:
   [2] https://bugs.freedesktop.org/show_bug.cgi?id=32321#c12

   And relevant changeset (from c#13):
   [3] http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

 > Please use CVE-2010-4352
 >
 > Thanks.

-- JB ----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote:
 > > Hello Josh, Steve, vendors,
 > >
 > >    a stack frame overflow flaw was found in the way the D-BUS message
 > > bus service / messaging facility validated messages with
 > > excessive number of nested variants. A local, authenticated
 > > user could use this flaw to cause dbus daemon to crash
 > > due to a stack frame overflow (denial of service) via a
 > > specially-crafted message sent to the system bus.
 > >
 > > References:
 > > [1] http://www.remlab.net/op/dbus-variant-recursion.shtml
 > >
 > > Upstream bug report:
 > > [2] https://bugs.freedesktop.org/show_bug.cgi?id=32321
 > >      (not public at the moment yet)
 > >
 > > Credit:
 > > Rémi Denis-Courmont
 > >
 > > Note: As noted in [1] this issue may also cause malfunction
 > >        of some other daemons depending on d-bus. Some examples
 > >        (from /var/log/messages on the affected host):
 > >
 > >        Dec 16 09:49:03 hostname avahi-daemon[30120]: Disconnected from
 > > D-Bus, exiting.
 > >        Dec 16 09:49:03 hostname avahi-daemon[30120]: Got SIGQUIT,
 > > quitting.
 > >        Dec 16 09:49:03 hostname NetworkManager[982]: <warn>
 > > disconnected by the system bus.
 > >        Dec 16 09:49:03 hostname NetworkManager[982]: no sender
 > >        Dec 16 09:49:03 hostname init: Disconnected from system bus
 > >
 > > Could you allocate a CVE id for this issue?
 > >
 > > Thanks && Regards, Jan.
 > > --
 > > Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ