Upstream bug report: https://bugs.freedesktop.org/show_bug.cgi?id=17803 It is likely possible to send a message with a malformed signature which would cause the bus (or in general any process using libdbus to receive messages) to abort.
Do you know what versions of dbus are affected by this?
This code dates at least as far back as: commit 5e389fdf499c39926c61b47fcafb5e71291ce1a2 Author: John (J5) Palmieri <johnp> Date: Wed Jun 15 15:15:32 2005 +0000
According to brew the first build of dbus in RHEL is 2006, so I think this affects both EL4 and EL5. Does not affect EL3 or earlier as I don't believe DBus is shipped there.
By the way I could use some hand-holding with respect to how this should be handled upstream, things like if/how I allocate a CVE, etc. Note the bug was filed publicly so we can't embargo or anything like that.
Ping on this - I'd like to do a new upstream release with the fix and could use advice on how to do the announcement and CVE etc.
Sorry, I let this one slip through the cracks. We'll deal with it next week.
I've assigned CVE-2008-3834 to this, and I'm moving this bug to the security-response product.
dbus-1.2.4-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/dbus-1.2.4-1.fc9
Created attachment 319837 [details] Patch applied to upstream dbus
dbus-1.2.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Direct link to upstream patch, as the attachment in comment #10 only contains URL of the upstream commit: http://gitweb.freedesktop.org/?p=dbus/dbus.git;a=commitdiff;h=7b10b46c5c8658449783ce45f1273dd35c353bce
This issue was fixed upstream in 1.2.4.
This was addressed via: Red Hat Enterprise Linux version 5 (RHSA-2009:0008)