Bug 974109 (CVE-2013-2168)

Summary: CVE-2013-2168 dbus: Crash of system services that use libdbus (DoS) due to non-portable use of va_list in UNIX format string wrapper
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: lpoetter, rhughes, walters
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: dbus-1.4.26, dbus-1.6.12, dbus-1.7.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-19 09:12:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 974128    
Bug Blocks:    

Description Jan Lieskovsky 2013-06-13 12:45:13 UTC
A denial of service flaw was found in the way UNIX system D-BUS format string wrapper implementation of D-BUS, a system for sending messages between applications, used to measure the length of the provided format string and its arguments in certain circumstances. A remote attacker could supply a specially-crafted input to an application / service, utilizing the services / functionality of the libdbus library that, when processed would lead to that application / service crash.

[1] http://www.openwall.com/lists/oss-security/2013/06/13/2

Relevant upstream patch:
[2] http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7

Comment 1 Jan Lieskovsky 2013-06-13 12:53:13 UTC
Original upstream report for the issue that led to introduction of this problem:
[3] https://bugs.freedesktop.org/show_bug.cgi?id=11668

Upstream patch that introduced the issue (dbus-1.4.16 and dbus-1.5.8):
[4] http://cgit.freedesktop.org/dbus/dbus/commit/?id=7fc9c026669976463adcd1e02ad19c582ed27289

Comment 2 Jan Lieskovsky 2013-06-13 12:54:54 UTC
This issue did NOT affect the versions of the dbus package, as shipped with Red Hat Enterprise Linux 5 and 6 (as they did not introduce the upstream change [4] yet).


This issue did NOT affect the version of the dbus package, as shipped with Fedora release of 17 (as it did not introduce the upstream change [4] yet).


This issue affects the version of the dbus package, as shipped with Fedora release of 18. Please schedule an update.

Comment 3 Jan Lieskovsky 2013-06-13 13:28:40 UTC
Created dbus tracking bugs for this issue

Affects: fedora-18 [bug 974128]

Comment 4 Jan Lieskovsky 2013-06-13 13:30:54 UTC

Not vulnerable. This issue did not affect the versions of dbus as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the upstream commit 7fc9c026669976463adcd1e02ad19c582ed27289 that introduced this issue.

Comment 8 Fedora Update System 2013-06-29 18:22:34 UTC
dbus-1.6.12-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.