D-Bus Daemon versions prior to 1.2.4 remote denial of service exploit that uses a message with a malformed signature.
861cdf88bd58b60b9c5f7576049675820e167e1b3bd344ffabceb4395c096618Gentoo Linux Security Advisory GLSA 200901-04 - An error condition can cause D-Bus to crash. schelte reported that the dbus_signature_validate() function can trigger a failed assertion when processing a message containing a malformed signature. Versions less than 1.2.3-r1 are affected.
e86dda15dbd223756769eb5a6cb0db3ff174fdfad0f95fb3aed50a8d3969a8c4Debian Security Advisory 1658-1 - Colin Walters discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack.
e2dc1d6f24abf61eb027035600e9019ef79f0978bf307741e9ca42b9769c4cc2Mandriva Linux Security Advisory - The D-Bus library did not correctly validate certain corrupted signatures which could cause a crash of applications linked against the D-Bus library if a local user were to send a specially crafted D-Bus request. The updated packages have been patched to prevent this issue.
379ca0532059e870c50b5c132fee25d241aa91fe315b14b55ab7c0368dd2de36Ubuntu Security Notice 653-1 - Havoc Pennington discovered that the D-Bus daemon did not correctly validate certain security policies. If a local user sent a specially crafted D-Bus request, they could bypass security policies that had a "send_interface" defined. It was discovered that the D-Bus library did not correctly validate certain corrupted signatures. If a local user sent a specially crafted D-Bus request, they could crash applications linked against the D-Bus library, leading to a denial of service.
c6ecb4a24a8541326d35924332ea02e73a30f69fe201a3a3991c2d9c1e9ab12c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed