Bug 1849041 (CVE-2020-12049)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2020-12049 dbus: denial of service via file descriptor leak | | |
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | amigadave, caillon+fedoraproject, csvoboda, dking, gnome-sig, gparvin, john.j5live, jramanat, jweiser, lpoetter, mclasen, mmatsuya, rhughes, rstrode, sandmann, stcannon, tfister, tgunders, thee, walters |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | dbus 1.13.16, dbus 1.12.18, dbus 1.10.30 | Doc Type: | If docs needed, set a value |
| Doc Text: | An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. As a result, the system may become unusable for other users, and some services may stop working. The highest threat from this vulnerability is to system availability. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-07-13 13:27:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1849042, 1851991, 1851992, 1851994, 1851995, 1851996, 1851997, 1860089, 1870641, 1870642, 1889758 | | |
| Bug Blocks: | 1849043 | | |
Description
Dhananjay Arunesh
2020-06-19 14:03:40 UTC
Created dbus tracking bugs for this issue: Affects: fedora-all [bug 1849042]

Upstream fix: https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63

Function _dbus_read_socket_with_unix_fds() does not close the opened file descriptors when the control data of the message was truncated. This leaks some file descriptors. If multiple file descriptors are leaked, the dbus process can reach its RLIMIT_NOFILE limit enforced by the system, thus when later some service tries to use the bus, DBus is not able to operate properly because it cannot allocate more file descriptors. As DBus is nowadays used by multiple services, the system becomes almost unusable.

Statement: This issue did not affect the versions of dbus as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the vulnerable code.

This issue has been addressed in the following products: Red Hat Enterprise Linux 7
Via RHSA-2020:2894 https://access.redhat.com/errata/RHSA-2020:2894

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12049

How is this closed? RHEL8 is affected and there is no security advisory.

This issue has been addressed in the following products: Red Hat Enterprise Linux 8
Via RHSA-2020:3014 https://access.redhat.com/errata/RHSA-2020:3014

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:3044 https://access.redhat.com/errata/RHSA-2020:3044

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support
Via RHSA-2020:3298 https://access.redhat.com/errata/RHSA-2020:3298
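The leak described in the report above, as an added example that is not dbus's own code: a sender attaches more SCM_RIGHTS descriptors to one message than the receiver's control buffer holds, which is the "truncated control data" case. Linux installs the descriptors that fit into the receiving process, drops the rest and sets MSG_CTRUNC; a receiver that rejects the message at that point without closing what was installed strands one descriptor per slot, and every further over-limit message strands more. The per-message limit is modelled here as the `max_fds` parameter of a hypothetical `recv_fds()`; all function names, the socketpair setup and the /dev/null descriptors being passed are the example's own assumptions, not dbus internals.

```c
/* Added example, not dbus code: the SCM_RIGHTS fd-leak pattern behind
 * CVE-2020-12049. Linux installs the fds that fit the receiver's control
 * buffer, drops the rest and sets MSG_CTRUNC; a receiver that rejects the
 * message without closing what was installed leaks one fd per slot. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Lowest unused fd number. POSIX hands out the lowest free number, so in a
 * single-threaded process the difference between two probes is the number
 * of fds that were opened and kept in between. */
static int lowest_free_fd(void)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0) close(fd);
    return fd;
}

/* Sender: one data byte carrying nfds copies of a /dev/null fd. */
static int send_fds(int sock, int nfds)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) return -1;
    char byte = 'x';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    size_t space = CMSG_SPACE(nfds * sizeof(int));
    char *cbuf = calloc(1, space);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = space };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(nfds * sizeof(int));
    for (int i = 0; i < nfds; i++) ((int *)CMSG_DATA(c))[i] = fd;
    ssize_t r = sendmsg(sock, &msg, 0);
    close(fd);
    free(cbuf);
    return r < 0 ? -1 : 0;
}

/* Receiver with a per-message limit of max_fds: returns the number of fds
 * stored in out[], or -1 when the sender exceeded the limit. With
 * close_on_truncation=false it mirrors the pre-fix code: fds the kernel
 * already installed stay open even though the caller never gets them. */
static int recv_fds(int sock, int *out, int max_fds, bool close_on_truncation)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    size_t space = CMSG_SPACE(max_fds * sizeof(int));
    char *cbuf = calloc(1, space);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = space };
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) < 0) { free(cbuf); return -1; }
    int n = 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        size_t count = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        for (size_t i = 0; i < count && n < max_fds; i++)
            out[n++] = ((int *)CMSG_DATA(c))[i];
    }
    if (!(msg.msg_flags & MSG_CTRUNC)) { free(cbuf); return n; }
    /* Over the limit: reject the message. The fix closes the installed fds
     * before reporting the error; the vulnerable code returned without it. */
    if (close_on_truncation)
        while (n > 0) close(out[--n]);
    free(cbuf);
    errno = EMSGSIZE;
    return -1;
}

/* Push `rounds` messages of `sent` fds through a receiver limited to max_fds
 * per message and return how many fds the process still holds beyond its
 * starting point: the leak a bus client could drive up to RLIMIT_NOFILE. */
static int leaked_fds(int rounds, int sent, int max_fds, bool hardened)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    int before = lowest_free_fd();
    int *got = calloc(max_fds, sizeof(int));
    for (int r = 0; r < rounds; r++) {
        if (send_fds(sv[0], sent) < 0) return -1;
        int n = recv_fds(sv[1], got, max_fds, hardened);
        for (int i = 0; i < n; i++) close(got[i]); /* accepted fds are ours */
    }
    free(got);
    int after = lowest_free_fd();
    close(sv[0]);
    close(sv[1]);
    return after - before;
}
```

With the buggy receiver, `leaked_fds(3, 4, 2, false)` leaves six descriptors open (two stranded per rejected message), while the hardened path, `leaked_fds(3, 4, 2, true)`, leaves none; a message within the limit leaks nothing in either mode. Repeating the buggy path until open() fails with EMFILE is the denial of service the advisory describes, and the cost to the sender is one small message per `max_fds` descriptors.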