Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2011-2200
Last Modified 11 Jul 2014 10:47:28
Published 22 Jun 2011 06:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2200

Summary

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

Vulnerable Systems

Application

  • D-bus Project D-bus 1.2.1

  • D-bus Project D-bus 1.2.10

  • D-bus Project D-bus 1.2.12

  • D-bus Project D-bus 1.2.14

  • D-bus Project D-bus 1.2.16

  • D-bus Project D-bus 1.2.18

  • D-bus Project D-bus 1.2.2

  • D-bus Project D-bus 1.2.20

  • D-bus Project D-bus 1.2.22

  • D-bus Project D-bus 1.2.24

  • D-bus Project D-bus 1.2.26

  • D-bus Project D-bus 1.2.3

  • D-bus Project D-bus 1.2.4

  • D-bus Project D-bus 1.2.4.2

  • D-bus Project D-bus 1.2.4.4

  • D-bus Project D-bus 1.2.4.6

  • D-bus Project D-bus 1.2.6

  • D-bus Project D-bus 1.2.8

  • D-bus Project D-bus 1.4.0

  • D-bus Project D-bus 1.4.1

  • D-bus Project D-bus 1.4.10

  • D-bus Project D-bus 1.4.4

  • D-bus Project D-bus 1.4.6

  • D-bus Project D-bus 1.4.8

  • D-bus Project D-bus 1.5.0

  • D-bus Project D-bus 1.5.2

  • Freedesktop Dbus 1.2.1

  • Freedesktop Dbus 1.2.10

  • Freedesktop Dbus 1.2.12

  • Freedesktop Dbus 1.2.14

  • Freedesktop Dbus 1.2.16

  • Freedesktop Dbus 1.2.18

  • Freedesktop Dbus 1.2.20

  • Freedesktop Dbus 1.2.22

  • Freedesktop Dbus 1.2.24

  • Freedesktop Dbus 1.2.26

  • Freedesktop Dbus 1.2.3

  • Freedesktop Dbus 1.2.4

  • Freedesktop Dbus 1.2.6

  • Freedesktop Dbus 1.2.8

  • Freedesktop Dbus 1.4.0

  • Freedesktop Dbus 1.4.1

  • Freedesktop Dbus 1.4.10

  • Freedesktop Dbus 1.4.4

  • Freedesktop Dbus 1.4.6

  • Freedesktop Dbus 1.4.8

  • Freedesktop Dbus 1.5.0

  • Freedesktop Dbus 1.5.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=712676

MLIST - [oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order

MLIST - [oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order

CONFIRM - http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2

CONFIRM - http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7

CONFIRM - http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e

CONFIRM - https://bugs.freedesktop.org/show_bug.cgi?id=38120

XF - dbus-nonnative-dos(67974)

REDHAT - RHSA-2011:1132

SECUNIA - 44896

MLIST - [oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)

MLIST - [dbus] 20110530 D-Bus daemon big and little endian issue

MLIST - [dbus] 20070317 D-Bus daemon endianness issue

CONFIRM - http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938

Related Patches

Novell SUSE 2011:7592 dbus-1 security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 11:05:40