Summary: | <sys-apps/dbus-1.4.12: Local Denial of Service vulnerability: byteswapping a message doesn't change the byte-order mark (CVE-2011-2200) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Samuli Suominen (RETIRED) <ssuominen>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | alexanderyt, freedesktop-bugs
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://bugs.freedesktop.org/show_bug.cgi?id=38120 | |
Whiteboard: | A3 [glsa] | |
Package list: | | Runtime testing required: | ---
Description
Samuli Suominen (RETIRED)
2011-06-12 13:12:21 UTC
From NEWS:

D-Bus 1.4.12 (2011-06-10)
==

Security (local denial of service):

• Byte-swap foreign-endian messages correctly, preventing a long-standing local DoS if foreign-endian messages are relayed through the dbus-daemon (backporters: this is git commit c3223ba6c401ba81df1305851312a47c485e6cd7) (fd.o #38120, Debian #629938, no CVE number yet; Simon McVittie)

amd64 ok

Thanks, Samuli. Just for the record ;)

Arches, please test and mark stable:
=sys-apps/dbus-1.4.12
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

@Paweł I think that for security bug(s) we can skip a test failure, so it shouldn't be as a blocker.

amd64: Does fail test, already filed. Unset test and emerge ok.

Stable for HPPA.

amd64 done. Thanks Agostino and Ian

ppc done

CVE-2011-2200 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2200): The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

arm/ia64/s390/sh/sparc/x86 stable

ppc64 stable, last arch done

Thanks, folks. Added to existing GLSA request.

This issue was resolved and addressed in GLSA 201110-14 at http://security.gentoo.org/glsa/glsa-201110-14.xml by GLSA coordinator Stefan Behte (craig).
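Added example, not part of the bug report and not D-Bus source code: a simplified C model of the invariant named in the summary, that a header whose integer fields are byteswapped must also get a new byte-order mark. It covers only the first 12 bytes of the D-Bus wire header; the function names and the sample message are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* First 12 bytes of a D-Bus message header on the wire:
 * byte 0 byte-order mark ('l' little, 'B' big), byte 1 message type,
 * byte 2 flags, byte 3 protocol version, bytes 4-7 body length,
 * bytes 8-11 serial. Names below are hypothetical, not libdbus API. */
enum { HDR_LEN = 12, OFF_BODY_LEN = 4, OFF_SERIAL = 8 };

/* Decode a uint32 field the way any reader must: by trusting byte 0. */
static uint32_t read_u32(const uint8_t *hdr, size_t off) {
    const uint8_t *p = hdr + off;
    if (hdr[0] == 'l')
        return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
               (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return (uint32_t)p[3] | (uint32_t)p[2] << 8 |
           (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

static void swap4(uint8_t *p) {
    uint8_t t = p[0]; p[0] = p[3]; p[3] = t;
    t = p[1]; p[1] = p[2]; p[2] = t;
}

/* Convert the fixed header to the other byte order in place.
 * update_mark == 0 models the flaw: fields are swapped but byte 0 still
 * claims the old order. update_mark == 1 keeps mark and fields consistent. */
void header_byteswap(uint8_t *hdr, int update_mark) {
    swap4(hdr + OFF_BODY_LEN);
    swap4(hdr + OFF_SERIAL);
    if (update_mark)
        hdr[0] = (hdr[0] == 'l') ? 'B' : 'l';
}

/* Body length as decoded by the next reader of the swapped bytes. */
uint32_t relayed_body_len(int update_mark) {
    /* Constructed sample: big-endian method call, body length 16, serial 1. */
    uint8_t hdr[HDR_LEN] = { 'B', 1, 0, 1,  0, 0, 0, 16,  0, 0, 0, 1 };
    header_byteswap(hdr, update_mark);
    return read_u32(hdr, OFF_BODY_LEN);
}

int main(void) {
    printf("mark updated:   body length = %u\n", (unsigned)relayed_body_len(1));
    printf("mark unchanged: body length = %u\n", (unsigned)relayed_body_len(0));
    return 0;
}
```

With the mark left unchanged, the same 16-byte body is announced as 268435456 bytes to the next reader, so sender and receiver no longer agree on where the message ends.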