Vigil@nce: D-Bus, denial of service of dbus_signature_validate
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can use a malicious signature in order to stop
D-Bus and related applications.
Severity: 1/4
Consequences: denial of service of service
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 17/04/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The D-Bus environment is used by applications to exchange
information. It is based on a daemon and a library which is used
by software.
The VIGILANCE-VUL-8158 (https://vigilance.fr/tree/1/8158)
vulnerability can be used by a local attacker in order to stop
D-Bus and related applications. However, a variant of this
vulnerability was not corrected.
An attacker can therefore use it to create a denial of service.
CHARACTERISTICS
Identifiers: 17803, CVE-2009-1189, VIGILANCE-VUL-8648
http://vigilance.fr/vulnerability/D-Bus-denial-of-service-of-dbus-signature-validate-8648