VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-4352
dbus: Stack consumption vulnerability in D-Bus (aka DBus)...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4352

Original

Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-12-30
Source Information Category:
Advisory, Alert
Last Updated:
2010-12-30




Affected Product Tags
cpe:/a:freedesktop:dbus:0.1
cpe:/a:freedesktop:dbus:0.10
cpe:/a:freedesktop:dbus:0.11
cpe:/a:freedesktop:dbus:0.12
cpe:/a:freedesktop:dbus:0.13
cpe:/a:freedesktop:dbus:0.2
cpe:/a:freedesktop:dbus:0.20
cpe:/a:freedesktop:dbus:0.21
cpe:/a:freedesktop:dbus:0.22
cpe:/a:freedesktop:dbus:0.23
cpe:/a:freedesktop:dbus:0.23.1
cpe:/a:freedesktop:dbus:0.23.2
cpe:/a:freedesktop:dbus:0.23.3
cpe:/a:freedesktop:dbus:0.3
cpe:/a:freedesktop:dbus:0.31
cpe:/a:freedesktop:dbus:0.32
cpe:/a:freedesktop:dbus:0.33
cpe:/a:freedesktop:dbus:0.34
cpe:/a:freedesktop:dbus:0.35
cpe:/a:freedesktop:dbus:0.35.1
cpe:/a:freedesktop:dbus:0.35.2
cpe:/a:freedesktop:dbus:0.36
cpe:/a:freedesktop:dbus:0.36.1
cpe:/a:freedesktop:dbus:0.36.2
cpe:/a:freedesktop:dbus:0.4
cpe:/a:freedesktop:dbus:0.5
cpe:/a:freedesktop:dbus:0.50
cpe:/a:freedesktop:dbus:0.6
cpe:/a:freedesktop:dbus:0.60
cpe:/a:freedesktop:dbus:0.61
cpe:/a:freedesktop:dbus:0.62
cpe:/a:freedesktop:dbus:0.7
cpe:/a:freedesktop:dbus:0.8
cpe:/a:freedesktop:dbus:0.9
cpe:/a:freedesktop:dbus:0.90
cpe:/a:freedesktop:dbus:0.91
cpe:/a:freedesktop:dbus:0.92
cpe:/a:freedesktop:dbus:1.0
cpe:/a:freedesktop:dbus:1.0.2
cpe:/a:freedesktop:dbus:1.0:rc1
cpe:/a:freedesktop:dbus:1.0:rc2
cpe:/a:freedesktop:dbus:1.0:rc3
cpe:/a:freedesktop:dbus:1.1.0
cpe:/a:freedesktop:dbus:1.1.1
cpe:/a:freedesktop:dbus:1.1.2
cpe:/a:freedesktop:dbus:1.1.20
cpe:/a:freedesktop:dbus:1.1.4
cpe:/a:freedesktop:dbus:1.2.1
cpe:/a:freedesktop:dbus:1.2.10
cpe:/a:freedesktop:dbus:1.2.12
cpe:/a:freedesktop:dbus:1.2.14
cpe:/a:freedesktop:dbus:1.2.16
cpe:/a:freedesktop:dbus:1.2.18
cpe:/a:freedesktop:dbus:1.2.20
cpe:/a:freedesktop:dbus:1.2.22
cpe:/a:freedesktop:dbus:1.2.24
cpe:/a:freedesktop:dbus:1.2.26
cpe:/a:freedesktop:dbus:1.2.3
cpe:/a:freedesktop:dbus:1.2.4
cpe:/a:freedesktop:dbus:1.2.6
cpe:/a:freedesktop:dbus:1.2.8
cpe:/a:freedesktop:dbus:1.3.0
cpe:/a:freedesktop:dbus:1.3.1
cpe:/a:freedesktop:dbus:1.4.0 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives




References
BID 45377




CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=663673




CONFIRM https://bugs.freedesktop.org/show_bug.cgi?id=32321




CONFIRM http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4




FEDORA FEDORA-2010-19166




MISC http://www.remlab.net/op/dbus-variant-recursion.shtml




MLIST [oss-security] 20101216 Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants




MLIST [oss-security] 20101216 CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants




MLIST [oss-security] 20101221 Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants




SECUNIA 42760




SECUNIA 42580




VUPEN ADV-2010-3325




Vulnerability Type Resource Management Errors (CWE-399)




Copyright © 2010 JPCERT/CC All Rights Reserved.