2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.1%
Debian Security Advisory DSA-2149-1 [email protected]
http://www.debian.org/security/ Nico Golde
January 20, 2011 http://www.debian.org/security/faq
Package : dbus
Vulnerability : denial of service
Problem type : local
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-4352
Rémi Denis-Courmont discovered that dbus, a message bus application,
is not properly limiting the nesting level when examining messages with
extensive nested variants. This allows an attacker to crash the dbus system
daemon due to a call stack overflow via crafted messages.
For the stable distribution (lenny), this problem has been fixed in
version 1.2.1-5+lenny2.
For the testing distribution (squeeze), this problem has been fixed in
version 1.2.24-4.
For the unstable distribution (sid), this problem has been fixed in
version 1.2.24-4.
We recommend that you upgrade your dbus packages.
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 5 | sparc | libdbus-1-3 | < 1.2.1-5+lenny2 | libdbus-1-3_1.2.1-5+lenny2_sparc.deb |
Debian | 5 | arm | libdbus-1-3 | < 1.2.1-5+lenny2 | libdbus-1-3_1.2.1-5+lenny2_arm.deb |
Debian | 5 | amd64 | libdbus-1-3 | < 1.2.1-5+lenny2 | libdbus-1-3_1.2.1-5+lenny2_amd64.deb |
Debian | 5 | ia64 | libdbus-1-3 | < 1.2.1-5+lenny2 | libdbus-1-3_1.2.1-5+lenny2_ia64.deb |
Debian | 5 | powerpc | libdbus-1-dev | < 1.2.1-5+lenny2 | libdbus-1-dev_1.2.1-5+lenny2_powerpc.deb |
Debian | 5 | amd64 | libdbus-1-dev | < 1.2.1-5+lenny2 | libdbus-1-dev_1.2.1-5+lenny2_amd64.deb |
Debian | 5 | arm | dbus | < 1.2.1-5+lenny2 | dbus_1.2.1-5+lenny2_arm.deb |
Debian | 5 | s390 | dbus-x11 | < 1.2.1-5+lenny2 | dbus-x11_1.2.1-5+lenny2_s390.deb |
Debian | 5 | alpha | libdbus-1-dev | < 1.2.1-5+lenny2 | libdbus-1-dev_1.2.1-5+lenny2_alpha.deb |
Debian | 5 | sparc | dbus | < 1.2.1-5+lenny2 | dbus_1.2.1-5+lenny2_sparc.deb |