ID CVE-2011-1486
Summary libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
CVSS
Base: 3.3 (as of 12-08-2011 - 02:44)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector ADJACENT_NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
cvss-vector via4 AV:A/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 693391
    title CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment libvirt is earlier than 0:0.8.2-15.el5_6.4
          oval oval:com.redhat.rhsa:tst:20110478002
        • comment libvirt is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090382003
      • AND
        • comment libvirt-devel is earlier than 0:0.8.2-15.el5_6.4
          oval oval:com.redhat.rhsa:tst:20110478004
        • comment libvirt-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090382007
      • AND
        • comment libvirt-python is earlier than 0:0.8.2-15.el5_6.4
          oval oval:com.redhat.rhsa:tst:20110478006
        • comment libvirt-python is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090382005
    rhsa
    id RHSA-2011:0478
    released 2011-05-02
    severity Moderate
    title RHSA-2011:0478: libvirt security update (Moderate)
  • bugzilla
    id 693391
    title CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment libvirt is earlier than 0:0.8.1-27.el6_0.6
          oval oval:com.redhat.rhsa:tst:20110479005
        • comment libvirt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581006
      • AND
        • comment libvirt-client is earlier than 0:0.8.1-27.el6_0.6
          oval oval:com.redhat.rhsa:tst:20110479009
        • comment libvirt-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581008
      • AND
        • comment libvirt-devel is earlier than 0:0.8.1-27.el6_0.6
          oval oval:com.redhat.rhsa:tst:20110479007
        • comment libvirt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581010
      • AND
        • comment libvirt-python is earlier than 0:0.8.1-27.el6_0.6
          oval oval:com.redhat.rhsa:tst:20110479011
        • comment libvirt-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581012
    rhsa
    id RHSA-2011:0479
    released 2011-05-02
    severity Moderate
    title RHSA-2011:0479: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:0.8.2-15.el5_6.4
  • libvirt-devel-0:0.8.2-15.el5_6.4
  • libvirt-python-0:0.8.2-15.el5_6.4
  • libvirt-0:0.8.1-27.el6_0.6
  • libvirt-client-0:0.8.1-27.el6_0.6
  • libvirt-devel-0:0.8.1-27.el6_0.6
  • libvirt-python-0:0.8.1-27.el6_0.6
refmap via4
bid 47148
confirm
debian DSA-2280
mlist [libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe
sectrack 1025477
secunia 44459
ubuntu USN-1152-1
Last major update 12-08-2011 - 02:44
Published 31-05-2011 - 20:55