Vigil@nce - dbus: denial of service via AccessDenied
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can send a malicious message to a dbus service,
in order to trigger a denial of service.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 11/06/2014
DESCRIPTION OF THE VULNERABILITY
The D-Bus system is used by local applications, in order to
exchange messages.
However, when the client sends a message to a stopped service,
with a security policy denying this message, the service sends an
AccessDenied error message to itself.
A local attacker can therefore send a malicious message to a dbus
service, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/dbus-denial-of-service-via-AccessDenied-14878