Vigil@nce - D-Bus: denial of service via ActivationFailure
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can send ActivationFailure messages to D-Bus, in
order to trigger a denial of service.
– Impacted products: Debian, Unix (platform)
– Severity: 1/4
– Creation date: 09/02/2015
DESCRIPTION OF THE VULNERABILITY
The D-Bus system is used by local applications, in order to
exchange messages.
D-Bus can request systemd to start a service. If this operation
fails, systemd sends an ActivationFailure to D-Bus. However, D-Bus
does not check whether this message really comes from systemd.
A local attacker can therefore send ActivationFailure messages to
D-Bus, in order to trigger a denial of service.
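The missing sender check described above, as an added example: a constructed C model, not code from D-Bus or from this bulletin. All names are hypothetical, and both the uid comparison used to identify the activator and the modelling of the impact as a cancelled pending activation are assumptions.

```c
/* Constructed model of the missing check; not dbus-daemon source code.
   All names and the uid-based sender test are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#define MAX_PENDING 4
struct pending { char service[64]; bool active; };
struct msg { uid_t sender_uid; const char *member; const char *service; };
static struct pending table[MAX_PENDING];

/* The bus has asked the activator (systemd) to start `service`. */
static bool request_activation(const char *service) {
    for (int i = 0; i < MAX_PENDING; i++) {
        if (table[i].active) continue;
        snprintf(table[i].service, sizeof table[i].service, "%s", service);
        table[i].active = true;
        return true;
    }
    return false; /* table full */
}
static bool is_pending(const char *service) {
    for (int i = 0; i < MAX_PENDING; i++)
        if (table[i].active && strcmp(table[i].service, service) == 0)
            return true;
    return false;
}

/* Returns true when a pending activation was cancelled.
   check_sender == false models the behaviour the bulletin describes. */
static bool handle_activation_failure(const struct msg *m, bool check_sender,
                                      uid_t activator_uid) {
    if (strcmp(m->member, "ActivationFailure") != 0) return false;
    if (check_sender && m->sender_uid != activator_uid)
        return false; /* not from the activator: drop, keep waiting */
    for (int i = 0; i < MAX_PENDING; i++)
        if (table[i].active && strcmp(table[i].service, m->service) == 0) {
            table[i].active = false;
            return true;
        }
    return false;
}

int main(void) {
    /* Constructed message: an unprivileged local sender (uid 1000). */
    struct msg forged = { 1000, "ActivationFailure", "org.example.Service" };
    request_activation("org.example.Service");
    printf("checked:   cancelled=%d\n", handle_activation_failure(&forged, true, 0));
    printf("unchecked: cancelled=%d\n", handle_activation_failure(&forged, false, 0));
    return 0;
}
```

With the check enabled, the message from uid 1000 is dropped and the activation stays pending; without it, the same message cancels the activation.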
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/D-Bus-denial-of-service-via-ActivationFailure-16136