oss-sec mailing list archives
Re: dbus denial of service: CVE-2022-42010, -42011, -42012
From: Demi Marie Obenour <demi () invisiblethingslab com>
Date: Thu, 6 Oct 2022 13:00:03 -0400
On Thu, Oct 06, 2022 at 04:40:10PM +0100, Simon McVittie wrote:
On Thu, 06 Oct 2022 at 10:53:15 -0400, Demi Marie Obenour wrote:Is the memory corruption potentially exploitable for local privilege escalation?It is not known to be, but also not known not to be. I'm sure a sufficiently creative attacker can convert almost any memory corruption into arbitrary code execution, but exploit development is not my job (I'd rather fix the vulnerabilities!), so I have not attempted to weaponize this.
I, too, am not an exploit developer, but I agree with your conclusion.
Are clients using libdbus vulnerable if they are behind dbus-broker?I don't maintain dbus-broker and have not tested or audited it, so I don't know how much validation it does. I would hope that it would detect and prevent CVE-2022-42011 and CVE-2022-42010 (which involve invalid messages), but probably not CVE-2022-42012 (which involves a message that is odd but technically valid).
Should different-endian messages over AF_UNIX sockets just be rejected outright? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab
Attachment:
signature.asc
Description:
Current thread:
- dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour (Oct 06)