Bug 348766 (CVE-2010-4352) - <sys-apps/dbus-1.4.1: Local Denial of Service Vulnerability (CVE-2010-4352)
Status: RESOLVED FIXED
Alias: CVE-2010-4352
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.remlab.net/op/dbus-variant...
Whiteboard: A3 [glsa]
Keywords:
Duplicates: 343323
Depends on:
Blocks: CVE-2010-1172 349052 349053
Reported: 2010-12-15 06:21 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-21 21:19 UTC (History)
Description Tim Sammut (RETIRED) gentoo-dev 2010-12-15 06:21:24 UTC
From $URL:

The D-Bus message format provides four different container types: array, structure, dictionary entry and variant. The format specification explicitly forbids more than 32 levels of nesting for arrays as well as for structures, inside a message signature. Dictionary entries can also not be nested to more than 32 levels (within a single signature) as they can only be inside arrays. There is however no limit on nesting variants, other than the total message size limit.

When a D-Bus message is received, libdbus will always check that the message is well-formatted. In doing so, it will recursively check any variant found in the message. If the message contains an excessive number of nested variants, function call recursion will get too deep, the call stack will overflow, and the process will experience a segmentation fault.
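
The recursive check described above, with the missing depth bound added, as an illustrative example that is not part of this bug report and is not libdbus code. The function names, the `MAX_VARIANT_DEPTH` value and the two-type body model (only `y` and `v`) are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed cap for this sketch; the page does not say which limit upstream chose. */
#define MAX_VARIANT_DEPTH 64
enum { V_OK, V_TRUNCATED, V_BAD_SIGNATURE, V_TOO_DEEP };

/* Validate one marshalled variant at buf[*pos]: 1-byte signature length, the
 * signature, a NUL, then the value. Only 'y' (byte) and 'v' (variant) are
 * modelled; both are 1-byte aligned, so no padding handling is needed. */
static int validate_variant(const uint8_t *buf, size_t len, size_t *pos, unsigned depth)
{
    if (depth >= MAX_VARIANT_DEPTH) return V_TOO_DEEP;   /* checked before descending */
    if (len - *pos < 3) return V_TRUNCATED;              /* invariant: *pos <= len */
    if (buf[*pos] != 1 || buf[*pos + 2] != 0) return V_BAD_SIGNATURE;
    uint8_t type = buf[*pos + 1];
    *pos += 3;
    if (type == 'v') return validate_variant(buf, len, pos, depth + 1);
    if (type != 'y') return V_BAD_SIGNATURE;
    if (*pos >= len) return V_TRUNCATED;
    *pos += 1;                                           /* consume the byte value */
    return V_OK;
}

/* Validate a body that must consist of exactly one variant. */
int validate_body(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int rc = validate_variant(buf, len, &pos, 0);
    return (rc == V_OK && pos != len) ? V_BAD_SIGNATURE : rc;
}

/* Constructed sample input: `depth` nested variants wrapped around one byte. */
size_t build_nested(uint8_t *out, size_t cap, unsigned depth)
{
    size_t n = 0;
    if (depth == 0 || cap < 3u * (size_t)depth + 1) return 0;
    for (unsigned i = 0; i < depth; i++) {
        out[n++] = 1; out[n++] = (i + 1 < depth) ? 'v' : 'y'; out[n++] = 0;
    }
    out[n++] = 0x2a;
    return n;
}

int main(void)
{
    static uint8_t buf[4096];
    int ok = validate_body(buf, build_nested(buf, sizeof buf, 64));
    int deep = validate_body(buf, build_nested(buf, sizeof buf, 65));
    printf("depth 64 -> %d, depth 65 -> %d\n", ok, deep);
}
```

With the bound in place the validator never uses more than `MAX_VARIANT_DEPTH` stack frames, whatever the message size limit allows.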
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-12-16 22:49:12 UTC
The upstream bug _may_ be at: https://bugs.freedesktop.org/show_bug.cgi?id=32321
Comment 2 Samuli Suominen gentoo-dev 2010-12-21 18:06:06 UTC
*** Bug 343323 has been marked as a duplicate of this bug. ***
Comment 3 Samuli Suominen gentoo-dev 2010-12-21 18:07:51 UTC
Please test & stabilize:

=sys-apps/dbus-1.4.1
=dev-libs/dbus-glib-0.88
Comment 4 Gilles Dartiguelongue gentoo-dev 2010-12-21 18:26:40 UTC
Are Council issues preventing stabilization of dbus-1.4.0 resolved in 1.4.1 ?
Comment 5 Samuli Suominen gentoo-dev 2010-12-21 18:32:27 UTC
(In reply to comment #4)
> Are Council issues preventing stabilization of dbus-1.4.0 resolved in 1.4.1 ?
> 

There are no issues to solve in dbus, but if council wanted a news item, it should be sent right about, now.
Comment 6 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2010-12-22 02:10:22 UTC
The deadline set in the last council meeting ends in about 22 hours - just before 0000UTC Thursday 20101223.
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-12-22 11:57:00 UTC
x86 stable
Comment 8 Samuli Suominen gentoo-dev 2010-12-22 13:34:18 UTC
amd64/ppc64 stable too
Comment 9 Jeroen Roovers gentoo-dev 2010-12-23 16:32:21 UTC
Stable for HPPA.
Comment 10 Markus Meier gentoo-dev 2010-12-27 12:42:21 UTC
arm stable
Comment 11 Tobias Klausmann gentoo-dev 2011-01-02 15:11:49 UTC
Stable on alpha.
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2011-01-04 17:57:06 UTC
ia64/s390/sh/sparc stable
Comment 13 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-11 11:37:32 UTC
ppc stable, last arch done
Comment 14 Tim Sammut (RETIRED) gentoo-dev 2011-01-11 16:01:10 UTC
Thanks, folks. GLSA request filed.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:37:24 UTC
CVE-2010-4352 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4352):
  Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows
  local users to cause a denial of service (daemon crash) via a message
  containing many nested variants.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2011-10-21 21:19:09 UTC
This issue was resolved and addressed in
 GLSA 201110-14 at http://security.gentoo.org/glsa/glsa-201110-14.xml
by GLSA coordinator Stefan Behte (craig).