Malcontent Disk Space Exhaustion Vulnerability via D-Bus API

A disk space exhaustion vulnerability has been identified in Malcontent version 0.14.0, specifically within the 'malcontent-timerd' component. This issue arises from a newly introduced D-Bus method called 'RecordUsage', which allows arbitrary users to gradually consume disk space in the '/var/lib/malcontent-timerd' directory. The vulnerability can be exploited by sending repeated requests to the D-Bus method, each of which creates an entry in a database file associated with the user's account. This accumulation of data entries leads to a local denial-of-service condition by filling up available disk space.

Impact

Exploitation of this vulnerability leads to a local denial-of-service condition, causing excessive disk space usage that can disrupt normal system operations.

Reproduction

The vulnerability can be reproduced by using the 'gdbus call' command to invoke the 'RecordUsage' method of the 'org.freedesktop.MalcontentTimer1' D-Bus service. This can be done in a loop to simulate a high volume of usage records being sent, which the daemon will then process and store, gradually consuming disk space.

Remediation

As of now, there is no official patch available for this vulnerability. However, it has been suggested that the D-Bus method could be restricted to local active session callers and that a limit could be imposed on the number of usage entries each user account can generate.