Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2011-2200

Disclosure Date: June 22, 2011
CVE-2011-2200
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2011-2200 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2200)
Advisory
[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order (http://openwall.com/lists/oss-security/2011/06/13/12)
http://cgit.freedesktop.org/dbus/dbus/commit?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
[dbus] 20110530 D-Bus daemon big and little endian issue (http://lists.freedesktop.org/archives/dbus/2011-May/014408.html)
http://www.redhat.com/support/errata/RHSA-2011-1132.html
XF-dbus-nonnative-dos(67974) (https://exchange.xforce.ibmcloud.com/vulnerabilities/67974)
https://bugs.freedesktop.org/show_bug.cgi?id=38120
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
SECUNIA-44896 (http://secunia.com/advisories/44896)
https://bugzilla.redhat.com/show_bug.cgi?id=712676
[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order (http://openwall.com/lists/oss-security/2011/06/12/1)
http://cgit.freedesktop.org/dbus/dbus/commit?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order) (http://openwall.com/lists/oss-security/2011/06/12/2)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
[dbus] 20070317 D-Bus daemon endianness issue (http://lists.freedesktop.org/archives/dbus/2007-March/007357.html)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis