Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 12 Jun 2011 15:01:40 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC:, Simon McVittie <>,
Subject: CVE Request -- dbus -- Local DoS via messages with non-native byte

Hello, Josh, Steve, vendors,

   It was found that D-BUS message bus service / messaging facility did
not update the byte-order flag of the message properly by swapping the
byte order of incoming messages into their native endiannes. A local,
authenticated user could use this flaw to send a specially-crafted
message to a system service (like Avahi or NetworkManager), using the
system bus, potentially leading to disconnect of such a service from
system bus (denial of service).


Upstream patches:
     (in upstream v1.2.28 version)

     (in upstream v1.4.12 version)

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ