CVE-2010-4352

Published: 30 December 2010

Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.

Notes

Author	Note
jdstrand	requires unprivileged user account

Priority

Status

Package	Release	Status
dbus Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Released (1.1.20-1ubuntu3.4)
	karmic	Released (1.2.16-0ubuntu9.1)
	lucid	Released (1.2.16-2ubuntu4.1)
	maverick	Released (1.4.0-0ubuntu1.1)
	upstream	Released (1.4.1)
	Patches: upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4

References

http://openwall.com/lists/oss-security/2010/12/16/3
http://www.remlab.net/op/dbus-variant-recursion.shtml
https://ubuntu.com/security/notices/USN-1044-1
https://www.cve.org/CVERecord?id=CVE-2010-4352
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=663673
https://bugs.freedesktop.org/show_bug.cgi?id=32321
https://bugs.edge.launchpad.net/ubuntu/+source/dbus/+bug/688992

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›