NVD Vulnerability Detail

CVE-2010-4352

Summary	Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
Publication Date	Dec. 31, 2010, 4 a.m.
Registration Date	Jan. 29, 2021, 11:08 a.m.
Last Update	Nov. 21, 2024, 10:20 a.m.

CVSS2.0 : LOW
Score	2.1
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:d-bus_project:d-bus::::::::			1.4.0

Related information, measures and tools

No	URL	タグ
1	http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4	Patch
2	http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4	Patch
3	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
4	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
5	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html	Exploit Patch
6	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html	Exploit Patch
7	http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
8	http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
9	http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
10	http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
11	http://openwall.com/lists/oss-security/2010/12/16/3	Exploit Patch
12	http://openwall.com/lists/oss-security/2010/12/16/3	Exploit Patch
13	http://openwall.com/lists/oss-security/2010/12/16/6	Exploit Patch
14	http://openwall.com/lists/oss-security/2010/12/16/6	Exploit Patch
15	http://openwall.com/lists/oss-security/2010/12/21/3
16	http://openwall.com/lists/oss-security/2010/12/21/3
17	http://secunia.com/advisories/42580	Vendor Advisory
18	http://secunia.com/advisories/42580	Vendor Advisory
19	http://secunia.com/advisories/42760	Vendor Advisory
20	http://secunia.com/advisories/42760	Vendor Advisory
21	http://secunia.com/advisories/42911
22	http://secunia.com/advisories/42911
23	http://secunia.com/advisories/42960
24	http://secunia.com/advisories/42960
25	http://www.debian.org/security/2011/dsa-2149
26	http://www.debian.org/security/2011/dsa-2149
27	http://www.remlab.net/op/dbus-variant-recursion.shtml	Vendor Advisory
28	http://www.remlab.net/op/dbus-variant-recursion.shtml	Vendor Advisory
29	http://www.securityfocus.com/bid/45377
30	http://www.securityfocus.com/bid/45377
31	http://www.ubuntu.com/usn/USN-1044-1
32	http://www.ubuntu.com/usn/USN-1044-1
33	http://www.vupen.com/english/advisories/2010/3325	Vendor Advisory
34	http://www.vupen.com/english/advisories/2010/3325	Vendor Advisory
35	http://www.vupen.com/english/advisories/2011/0161
36	http://www.vupen.com/english/advisories/2011/0161
37	http://www.vupen.com/english/advisories/2011/0178
38	http://www.vupen.com/english/advisories/2011/0178
39	http://www.vupen.com/english/advisories/2011/0464
40	http://www.vupen.com/english/advisories/2011/0464
41	https://bugs.freedesktop.org/show_bug.cgi?id=32321	Exploit Patch
42	https://bugs.freedesktop.org/show_bug.cgi?id=32321	Exploit Patch
43	https://bugzilla.redhat.com/show_bug.cgi?id=663673	Exploit Patch
44	https://bugzilla.redhat.com/show_bug.cgi?id=663673	Exploit Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

JVN Vulnerability Information

D-Bus におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性

Title	D-Bus におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性
Summary	D-Bus には、サービス運用妨害 (デーモンクラッシュ) の脆弱性が存在します。
Possible impacts	ローカルユーザにより、ネストされた VARIANT を大量に含むメッセージを介して、サービス運用妨害 (デーモンクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 30, 2010, midnight
Registration Date	April 27, 2011, 11:26 a.m.
Last Update	April 27, 2011, 11:26 a.m.

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Long Life (v. 5.6 server)

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

RHEL Desktop Workstation 5 (client)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

freedesktop.org

D-Bus 1.4.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4352	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4352
National Vulnerability Database (NVD)
2	CVE-2010-4352	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4352

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	dbus-1.1.2-15.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1364
freedesktop.org
2	Bug 32321	https://bugs.freedesktop.org/show_bug.cgi?id=32321
3	Clarifications on the D-Bus specification	http://lists.freedesktop.org/archives/dbus/2010-December/013822.html
4	CVE 2010-4352: Reject deeply nested variants	http://lists.freedesktop.org/archives/dbus/2010-December/013861.html
Red Hat Security Advisory
5	RHSA-2011:0332	https://rhn.redhat.com/errata/RHSA-2011-0376.html

その他

No	Name	URL
Secunia Advisory
1	SA42580	http://secunia.com/advisories/42580
SecurityFocus
2	45377	http://www.securityfocus.com/bid/45377

Change Log

No	Changed Details	Date of change
0	[2011年04月27日] 掲載	Feb. 17, 2018, 10:37 a.m.