Bug 712676 (CVE-2011-2200)
Field | Value
---|---
Summary | CVE-2011-2200 dbus: Local DoS via messages with non-native byte order
Product | [Other] Security Response
Component | vulnerability
Reporter | Jan Lieskovsky <jlieskov>
Assignee | Red Hat Product Security <security-response-team>
Status | CLOSED ERRATA
Severity | medium
Priority | medium
Version | unspecified
CC | lpoetter, mclasen, rhughes, walters
Keywords | Security
Hardware | All
OS | Linux
Fixed In Version | dbus 1.1.28, dbus 1.4.12, dbus 1.5.4
Doc Type | Bug Fix
Last Closed | 2013-03-26 16:49:56 UTC
Bug Depends On | 712678, 725311, 725312, 725313, 725314, 833886, 844273
Bug Blocks | 712679

Description
Jan Lieskovsky
2011-06-12 12:36:10 UTC
This issue affects the versions of the dbus package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the dbus package, as shipped with Fedora release of 13, 14, and 15. Please schedule an update.

Created dbus tracking bugs for this issue

Affects: fedora-all [bug 712678]

CVE Request: [5] http://www.openwall.com/lists/oss-security/2011/06/12/1

The CVE identifier of CVE-2011-2200 has been assigned to this: http://www.openwall.com/lists/oss-security/2011/06/13/12

*** Bug 719694 has been marked as a duplicate of this bug. ***

Created attachment 514650: dbus test

Comment #6 has an attached test program to check if the version of dbus is affected by the vuln. To compile it use:

    gcc -o marshal `pkg-config --cflags --libs glib-2.0 dbus-1` marshal.c

Running this on Fedora-15 with dbus-1.4.6-4.fc15.x86_64 we get:

    [huzaifas@babylon test]$ ./marshal
    /demarshal/le: OK
    /demarshal/be: **
    ERROR:marshal.c:195:test_endian: assertion failed (get_uint32 (output, OFFSET_BODY_LENGTH, output[0]) == 8): (134217728 == 8)
    Aborted (core dumped)

This shows that dbus-1.4.6 is affected.

Created attachment 514654: patch against dbus-1.4.6-4

After applying the patch in Comment #8:

    [huzaifas@babylon test]$ ./marshal
    /demarshal/le: OK
    /demarshal/be: OK
    /demarshal/needed/le: OK
    /demarshal/needed/be: OK

This issue has been addressed in the following products:

    Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 5

Via RHSA-2011:1132 https://rhn.redhat.com/errata/RHSA-2011-1132.html
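The value in the failed assertion above, 134217728, is 0x08000000: the expected body length 8 read in the opposite byte order. The following is an added example, not the attached marshal.c and not dbus code, showing how the byte-order flag in byte 0 of a D-Bus header ('l' or 'B') governs the body-length field at offset 4. The helper names `read_u32` and `declared_body_length` and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OFFSET_BODY_LENGTH 4   /* bytes 4..7 of the fixed header */
#define FIXED_HEADER_LEN   12  /* flag, type, flags, version, body len, serial */

/* Hypothetical helper: read a uint32 at `off` in the byte order named by
 * `flag` ('l' = little endian, 'B' = big endian). Returns -1 on bad input. */
int64_t read_u32(const uint8_t *buf, size_t len, size_t off, uint8_t flag)
{
    if (len < 4 || off > len - 4)
        return -1;
    const uint8_t *p = buf + off;
    if (flag == 'l')
        return (int64_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                         (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
    if (flag == 'B')
        return (int64_t)((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                         (uint32_t)p[2] << 8 | (uint32_t)p[3]);
    return -1; /* unknown byte-order flag */
}

/* Body length the header declares, trusting its own byte-order flag. */
int64_t declared_body_length(const uint8_t *msg, size_t len)
{
    if (len < FIXED_HEADER_LEN)
        return -1;
    return read_u32(msg, len, OFFSET_BODY_LENGTH, msg[0]);
}

/* Constructed sample headers (fixed 12 bytes only, not captured traffic). */
const uint8_t HDR_LE[12]  = { 'l', 1, 0, 1,  8, 0, 0, 0,  1, 0, 0, 0 };
const uint8_t HDR_BE[12]  = { 'B', 1, 0, 1,  0, 0, 0, 8,  0, 0, 0, 1 };
/* Flag says little endian but the length bytes are big endian. */
const uint8_t HDR_BAD[12] = { 'l', 1, 0, 1,  0, 0, 0, 8,  0, 0, 0, 1 };

int main(void)
{
    printf("le:  %lld\n", (long long)declared_body_length(HDR_LE, sizeof HDR_LE));
    printf("be:  %lld\n", (long long)declared_body_length(HDR_BE, sizeof HDR_BE));
    printf("bad: %lld\n", (long long)declared_body_length(HDR_BAD, sizeof HDR_BAD));
    return 0;
}
```

A receiver that sees a flag and length field disagreeing like `HDR_BAD` will expect a body of roughly 128 MiB instead of 8 bytes, which is why the flag and the multi-byte header fields must always be kept in the same byte order.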