Vulnerability Details : CVE-2011-2200
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2011-2200
- cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:permissive
- cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:permissive
- cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:permissive
Exploit prediction scoring system (EPSS) score for CVE-2011-2200
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2200
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2011-2200
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2200
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
#629938 - libdbus-1-3: [CVE-2011-2200] local DoS via messages with non-native byte order - Debian Bug report logs
-
http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
D-Bus daemon endianness issue
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/67974
D-Bus non-native denial of service CVE-2011-2200 Vulnerability Report
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
-
http://openwall.com/lists/oss-security/2011/06/12/1
oss-security - CVE Request -- dbus -- Local DoS via messages with non-native byte orderPatch
-
http://secunia.com/advisories/44896
Sign inVendor Advisory
-
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
NEWS - dbus/dbus - a lightweight ipc mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus)
-
http://lists.freedesktop.org/archives/dbus/2011-May/014408.html
D-Bus daemon big and little endian issue
-
http://openwall.com/lists/oss-security/2011/06/13/12
oss-security - Re: CVE Request -- dbus -- Local DoS via messages with non-native byte orderPatch
-
http://openwall.com/lists/oss-security/2011/06/12/2
oss-security - Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)
-
https://bugs.freedesktop.org/show_bug.cgi?id=38120
38120 – (CVE-2011-2200) byteswapping a message doesn't change the byte-order mark
-
https://bugzilla.redhat.com/show_bug.cgi?id=712676
712676 – (CVE-2011-2200) CVE-2011-2200 dbus: Local DoS via messages with non-native byte orderPatch
-
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
dbus/dbus - a lightweight ipc mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus)Patch
-
http://www.redhat.com/support/errata/RHSA-2011-1132.html
Support
-
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
NEWS - dbus/dbus - a lightweight ipc mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus)Patch
-
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
dbus/dbus - a lightweight ipc mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus)Patch
Jump to