PublicDateAtUSN: 2010-12-30
Candidate: CVE-2010-4352
PublicDate: 2010-12-30 19:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4352
 http://openwall.com/lists/oss-security/2010/12/16/3
 http://www.remlab.net/op/dbus-variant-recursion.shtml
 https://ubuntu.com/security/notices/USN-1044-1
Description:
 Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows
 local users to cause a denial of service (daemon crash) via a message
 containing many nested variants.
Ubuntu-Description:
Notes:
 jdstrand> requires unprivileged user account
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=663673
 https://bugs.freedesktop.org/show_bug.cgi?id=32321
 https://bugs.edge.launchpad.net/ubuntu/+source/dbus/+bug/688992
Priority: medium
Discovered-by: Remi Denis-Courmont
Assigned-to: jdstrand
CVSS:

Patches_dbus:
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4
upstream_dbus: released (1.4.1)
dapper_dbus: ignored (reached end-of-life)
hardy_dbus: released (1.1.20-1ubuntu3.4)
karmic_dbus: released (1.2.16-0ubuntu9.1)
lucid_dbus: released (1.2.16-2ubuntu4.1)
maverick_dbus: released (1.4.0-0ubuntu1.1)
devel_dbus: not-affected (1.4.1-0ubuntu2)