ID CVE-2011-2511
Summary Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 29-08-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 717199
    title CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment libvirt is earlier than 0:0.8.2-22.el5
          oval oval:com.redhat.rhsa:tst:20111019002
        • comment libvirt is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090382003
      • AND
        • comment libvirt-devel is earlier than 0:0.8.2-22.el5
          oval oval:com.redhat.rhsa:tst:20111019006
        • comment libvirt-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090382007
      • AND
        • comment libvirt-python is earlier than 0:0.8.2-22.el5
          oval oval:com.redhat.rhsa:tst:20111019004
        • comment libvirt-python is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090382005
    rhsa
    id RHSA-2011:1019
    released 2011-07-21
    severity Moderate
    title RHSA-2011:1019: libvirt security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 728546
    title [libvirt] [logs] null dereference while preparing libvirt logs
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment libvirt is earlier than 0:0.8.7-18.el6_1.1
          oval oval:com.redhat.rhsa:tst:20111197005
        • comment libvirt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581006
      • AND
        • comment libvirt-client is earlier than 0:0.8.7-18.el6_1.1
          oval oval:com.redhat.rhsa:tst:20111197007
        • comment libvirt-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581008
      • AND
        • comment libvirt-devel is earlier than 0:0.8.7-18.el6_1.1
          oval oval:com.redhat.rhsa:tst:20111197009
        • comment libvirt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581010
      • AND
        • comment libvirt-python is earlier than 0:0.8.7-18.el6_1.1
          oval oval:com.redhat.rhsa:tst:20111197011
        • comment libvirt-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581012
    rhsa
    id RHSA-2011:1197
    released 2011-08-23
    severity Moderate
    title RHSA-2011:1197: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:0.8.2-22.el5
  • libvirt-devel-0:0.8.2-22.el5
  • libvirt-python-0:0.8.2-22.el5
  • libvirt-0:0.8.7-18.el6_1.1
  • libvirt-client-0:0.8.7-18.el6_1.1
  • libvirt-devel-0:0.8.7-18.el6_1.1
  • libvirt-python-0:0.8.7-18.el6_1.1
refmap via4
confirm http://libvirt.org/news.html
debian DSA-2280
fedora
  • FEDORA-2011-9062
  • FEDORA-2011-9091
mlist
  • [libvirt] 20110624 [PATCH 2/2] remote: protect against integer overflow
  • [oss-security] 20110628 CVE request: libvirt: integer overflow in VirDomainGetVcpus
sectrack 1025822
secunia
  • 45375
  • 45441
  • 45446
suse SUSE-SU-2011:0837
ubuntu USN-1180-1
xf libvirt-virdomaingetvcpus-bo(68271)
Last major update 29-08-2017 - 01:29
Published 10-08-2011 - 20:55
Back to Top