|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
D-Bus: denial of service via endianness
Synthesis of the vulnerability
A local attacker can send a D-Bus message with an invalid endianness, in order to stop the service.
Impacted products: Fedora, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity of this bulletin: 1/4.
Consequences of an intrusion: denial of service on service.
Hacker's origin: user shell.
Creation date: 13/06/2011.
Références of this threat: 38120, BID-48216, CVE-2011-2200, FEDORA-2011-9817, FEDORA-2011-9891, openSUSE-SU-2011:0880-1, RHSA-2011:1132-01, SUSE-SU-2011:0752-1, VIGILANCE-VUL-10725.
Description of the vulnerability
The D-Bus service is used by applications to communicate via messages sent on a bus.
The format of messages depends on the endianness (big endian or little endian) of the processor. The first byte of a D-Bus message indicates its endianness.
When the libdbus library processes a message with a different endianness, the _dbus_header_byteswap() function of the dbus/dbus-marshal-header.c file reverts the endianness of the message. In order to do so, it alters the data, however it forgets to alter the first byte of the message. As this first byte still indicates an incorrect endianness, applications decode invalid fields, which stop them.
A local attacker can therefore send a D-Bus message with an invalid endianness, in order to stop the service.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability database. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.