Executive Summary

Summary
Title: libvirt: Multiple vulnerabilities
Information
Name: GLSA-201309-18
First vendor Publication: 2013-09-25
Vendor: Gentoo
Last vendor Modification: 2013-09-25
Severity (Vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Synopsis

Multiple vulnerabilities have been found in libvirt, allowing remote attackers to execute arbitrary code or cause Denial of Service.

Background

libvirt is a C toolkit for manipulating virtual machines.

Description

An error in the virNetMessageFree() function in rpc/virnetserverclient.c can lead to a use-after-free. Additionally, a socket leak in the remoteDispatchStoragePoolListAllVolumes command can lead to file descriptor exhaustion.

Impact

A remote attacker could cause certain errors during an RPC connection to cause a message to be freed without being removed from the message queue, possibly resulting in execution of arbitrary code or a Denial of Service condition. Additionally, a remote attacker could repeatedly issue the command to list all pool volumes, causing a Denial of Service condition.
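The use-after-free condition described above (a message released on an error path while still linked in the message queue), shown as an added, simplified model beside its corrected form. This is not libvirt's code: all names are hypothetical, and a `released` flag stands in for a real `free()` so the stale queue entry can be observed safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model: 'released' marks a message whose memory has been
 * given back; any queue entry still pointing at it is a dangling reference. */
typedef struct msg {
    struct msg *next;
    bool released;
} msg_t;
typedef struct { msg_t *head; } msg_queue_t;

static void queue_push(msg_queue_t *q, msg_t *m) {
    m->released = false;
    m->next = q->head;
    q->head = m;
}

/* Unlink m from the queue if it is present. */
static void queue_remove(msg_queue_t *q, msg_t *m) {
    for (msg_t **pp = &q->head; *pp; pp = &(*pp)->next)
        if (*pp == m) { *pp = m->next; m->next = NULL; return; }
}

static void msg_release(msg_t *m) { m->released = true; }

/* Flawed error path: the message is released but stays linked. */
static void dispatch_error_buggy(msg_queue_t *q, msg_t *m) {
    (void)q;
    msg_release(m);
}

/* Corrected error path: unlink first, then release. */
static void dispatch_error_fixed(msg_queue_t *q, msg_t *m) {
    queue_remove(q, m);
    msg_release(m);
}

/* Count queue entries that refer to released messages. */
static int queue_dangling(const msg_queue_t *q) {
    int n = 0;
    for (const msg_t *m = q->head; m; m = m->next)
        if (m->released) n++;
    return n;
}

/* Queue two messages, take the error path on one, report dangling entries. */
int demo_dangling(bool use_fix) {
    msg_t pool[2];
    msg_queue_t q = { NULL };
    queue_push(&q, &pool[0]);
    queue_push(&q, &pool[1]);
    if (use_fix) dispatch_error_fixed(&q, &pool[0]);
    else         dispatch_error_buggy(&q, &pool[0]);
    return queue_dangling(&q);
}
```

In a real daemon the dangling entry would be dereferenced when the queue is next walked, which is where the crash or memory corruption arises.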

Workaround

There is no known workaround at this time.

Resolution

All libvirt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/libvirt-1.0.5.1-r3"

References

[ 1 ] CVE-2013-0170 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0170
[ 2 ] CVE-2013-1962 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1962

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-18.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201309-18.xml

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-416 Use After Free
50 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18188
 
Oval ID: oval:org.mitre.oval:def:18188
Title: USN-1708-1 -- libvirt vulnerabilities
Description: libvirt could be made to crash or run programs if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1708-1
CVE-2012-4423
CVE-2013-0170
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18238
 
Oval ID: oval:org.mitre.oval:def:18238
Title: USN-1895-1 -- libvirt vulnerability
Description: libvirt could be made to crash if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1895-1
CVE-2013-1962
Version: 7
Platform(s): Ubuntu 13.04
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20985
 
Oval ID: oval:org.mitre.oval:def:20985
Title: RHSA-2013:0199: libvirt security update (Important)
Description: Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Family: unix Class: patch
Reference(s): RHSA-2013:0199-01
CESA-2013:0199
CVE-2013-0170
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21243
 
Oval ID: oval:org.mitre.oval:def:21243
Title: RHSA-2013:0831: libvirt security and bug fix update (Moderate)
Description: The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."
Family: unix Class: patch
Reference(s): RHSA-2013:0831-01
CESA-2013:0831
CVE-2013-1962
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23681
 
Oval ID: oval:org.mitre.oval:def:23681
Title: ELSA-2013:0199: libvirt security update (Important)
Description: Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Family: unix Class: patch
Reference(s): ELSA-2013:0199-01
CVE-2013-0170
Version: 6
Platform(s): Oracle Linux 6
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23927
 
Oval ID: oval:org.mitre.oval:def:23927
Title: ELSA-2013:0831: libvirt security and bug fix update (Moderate)
Description: The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."
Family: unix Class: patch
Reference(s): ELSA-2013:0831-01
CVE-2013-1962
Version: 6
Platform(s): Oracle Linux 6
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25946
 
Oval ID: oval:org.mitre.oval:def:25946
Title: SUSE-SU-2013:0320-1 -- Security update for libvirt
Description: libvirt was updated to fix the following security issue: * A flaw was found in the way message freeing on connection cleanup was handled under certain error conditions. A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd or, potentially, escalate their privileges to that of libvirtd process. (CVE-2013-0170) Also following bug has been fixed: * Add managedSave functions to legacy xen driver bnc#782311 Security Issue reference: * CVE-2013-0170 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170>
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0320-1
CVE-2013-0170
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26991
 
Oval ID: oval:org.mitre.oval:def:26991
Title: DEPRECATED: ELSA-2013-0831 -- libvirt security and bug fix update (moderate)
Description: [0.10.2-18.0.1.el6_4.5] - Replace docs/et.png in tarball with blank image [0.10.2-18.el6_4.5] - daemon: Fix leak after listing volumes (CVE-2013-1962) - Don't try to add non-existant devices to ACL (rhbz#958837) - Avoid spamming logs with cgroups warnings (rhbz#958837) - audit: Properly encode device path in cgroup audit (rhbz#958839)
Family: unix Class: patch
Reference(s): ELSA-2013-0831
CVE-2013-1962
Version: 4
Platform(s): Oracle Linux 6
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27095
 
Oval ID: oval:org.mitre.oval:def:27095
Title: DEPRECATED: ELSA-2013-0199 -- libvirt security update (important)
Description: [libvirt-0.9.10-21.0.1.el6_3.8] - Replace docs/et.png in tarball with blank image [0.9.10-21.el6_3.8] - rpc: Fix crash on error paths of message dispatching (CVE-2013-0170)
Family: unix Class: patch
Reference(s): ELSA-2013-0199
CVE-2013-0170
Version: 4
Platform(s): Oracle Linux 6
Product(s): libvirt
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 143
Os 2
Os 3
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0907.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-463.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-108.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-105.nasl - Type : ACT_GATHER_INFO
2013-09-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-18.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0199.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0831.nasl - Type : ACT_GATHER_INFO
2013-07-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1895-1.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0199.nasl - Type : ACT_GATHER_INFO
2013-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2013-8681.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-8635.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0831.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130516_libvirt_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0831.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libvirt-130205.nasl - Type : ACT_GATHER_INFO
2013-02-08 Name : The remote Fedora host is missing a security update.
File : fedora_2013-1642.nasl - Type : ACT_GATHER_INFO
2013-02-08 Name : The remote Fedora host is missing a security update.
File : fedora_2013-1626.nasl - Type : ACT_GATHER_INFO
2013-02-06 Name : The remote Fedora host is missing a security update.
File : fedora_2013-1644.nasl - Type : ACT_GATHER_INFO
2013-01-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1708-1.nasl - Type : ACT_GATHER_INFO
2013-01-29 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130128_libvirt_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-01-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0199.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:37:45
  • Multiple Updates
2013-09-25 21:19:13
  • First insertion