Vulnerability identifier: #VU32841
Vulnerability risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2010-4352
CWE-ID: CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software: dbus (Universal components / Libraries / Libraries used by multiple products)
Vendor: Freedesktop.org
Description
The vulnerability allows a local non-authenticated attacker to cause a denial of service.
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
dbus: 1.4.0
External links
https://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html
https://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
https://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
https://openwall.com/lists/oss-security/2010/12/16/3
https://openwall.com/lists/oss-security/2010/12/16/6
https://openwall.com/lists/oss-security/2010/12/21/3
https://secunia.com/advisories/42580
https://secunia.com/advisories/42760
https://secunia.com/advisories/42911
https://secunia.com/advisories/42960
https://www.debian.org/security/2011/dsa-2149
https://www.remlab.net/op/dbus-variant-recursion.shtml
https://www.securityfocus.com/bid/45377
https://www.ubuntu.com/usn/USN-1044-1
https://www.vupen.com/english/advisories/2010/3325
https://www.vupen.com/english/advisories/2011/0161
https://www.vupen.com/english/advisories/2011/0178
https://www.vupen.com/english/advisories/2011/0464
https://bugs.freedesktop.org/show_bug.cgi?id=32321
https://bugzilla.redhat.com/show_bug.cgi?id=663673
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.