Bug 218055 - CVE-2006-6107 D-Bus denial of service
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: dbus
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: David Zeuthen
Keywords: Security
Reported: 2006-12-01 11:16 EST by Josh Bressers
Modified: 2013-03-05 22:48 EST
Fixed In Version: RHSA-2007-0008
Doc Type: Bug Fix
Last Closed: 2007-02-08 03:39:41 EST
External Trackers: FreeDesktop.org 9142

Description Josh Bressers 2006-12-01 11:16:38 EST
Kimmo Hämäläinen reported a DoS flaw in D-Bus to the freedesktop.org
bugzilla.  To quote his bug:

        I found a nasty bug from match_rule_equal() that can cause matches
        to be removed from other connections (thanks goes to other guys
        for finding reproducible use case for the bug).

This flaw can cause a local user to disable the ability of another
process to receive certain messages.  This flaw does not contain any
potential for arbitrary code execution.  Here is a more detailed description
from Kimmo:

        We don't have the software public yet, but the use case was the
        following.  There are three processes A, B, and C. All of them add
        the same match (same value). A is started first, then B, and lastly
        C. Now, B and C are closed: if B is closed before C, A's match is
        removed; but if C is closed before B, A's match is not removed (no
        buggy behaviour). (B and C call dbus_bus_remove_match on exit.)
Comment 1 David Zeuthen 2006-12-01 13:16:51 EST
What's the upstream bug reference?
Comment 2 Josh Bressers 2006-12-01 14:40:44 EST
I'm adding a reference to the upstream bug.  This is going to affect RHEL5 also,
but I won't file a bug for that until after the embargo (too many embargoed bugs
cause trouble).
Comment 3 David Zeuthen 2006-12-11 12:58:55 EST
Please add me (david@fubar.dk) to the upstream bug and/or post the patch here.
Then I can get packages built. Thanks.
Comment 4 Josh Bressers 2006-12-11 15:15:10 EST
OK, you're added to the upstream bug.
Comment 6 David Zeuthen 2006-12-11 16:16:46 EST
Upstream patch is for D-Bus 0.61 - RHEL-4 ships 0.22. Let me ask upstream.
Comment 13 Josh Bressers 2006-12-13 17:02:27 EST
Lifting embargo.
This will be fixed in RHSA-2006:0757
Comment 23 Red Hat Bugzilla 2007-02-08 03:39:41 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

