#VU32842 Input validation error in dbus - cve-2011-2200

Cybersecurity Help s.r.o.

Published: 2011-06-23 | Updated: 2020-07-28

Vulnerability identifier: #VU32842

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: cve-2011-2200

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
dbus
Universal components / Libraries / Libraries used by multiple products

Vendor: Freedesktop.org

Description

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

Mitigation
Install update from vendor's website.

Vulnerable software versions

dbus: 1.2.1 - 1.2.26, 1.4.0 - 1.4.10, 1.5.0 - 1.5.2

External links
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
https://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
https://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
https://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
https://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://lists.freedesktop.org/archives/dbus/2007-March/007357.html
https://lists.freedesktop.org/archives/dbus/2011-May/014408.html
https://openwall.com/lists/oss-security/2011/06/12/1
https://openwall.com/lists/oss-security/2011/06/12/2
https://openwall.com/lists/oss-security/2011/06/13/12
https://secunia.com/advisories/44896
https://www.redhat.com/support/errata/RHSA-2011-1132.html
https://bugs.freedesktop.org/show_bug.cgi?id=38120
https://bugzilla.redhat.com/show_bug.cgi?id=712676
https://exchange.xforce.ibmcloud.com/vulnerabilities/67974

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in dbus (Alpine package)

Gentoo update for D-Bus

Input validation error in Freedesktop dbus