oss-sec mailing list archives
CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 16 Dec 2010 16:45:15 +0100
Hello Josh, Steve, vendors, a stack frame overflow flaw was found in the way the D-BUS message bus service / messaging facility validated messages with excessive number of nested variants. A local, authenticated user could use this flaw to cause dbus daemon to crash due to a stack frame overflow (denial of service) via a specially-crafted message sent to the system bus. References: [1] http://www.remlab.net/op/dbus-variant-recursion.shtml Upstream bug report: [2] https://bugs.freedesktop.org/show_bug.cgi?id=32321 (not public at the moment yet) Credit: RĂ©mi Denis-Courmont Note: As noted in [1] this issue may also cause malfunction of some other daemons depending on d-bus. Some examples (from /var/log/messages on the affected host): Dec 16 09:49:03 hostname avahi-daemon[30120]: Disconnected from D-Bus, exiting. Dec 16 09:49:03 hostname avahi-daemon[30120]: Got SIGQUIT, quitting. Dec 16 09:49:03 hostname NetworkManager[982]: <warn> disconnected by the system bus. Dec 16 09:49:03 hostname NetworkManager[982]: no sender Dec 16 09:49:03 hostname init: Disconnected from system bus Could you allocate a CVE id for this issue? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Jan Lieskovsky (Dec 16)
- Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Josh Bressers (Dec 16)
- <Possible follow-ups>
- Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Jan Lieskovsky (Dec 21)