ID CVE-2012-3445
Summary The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
Vulnerable Configurations
  • Red Hat libvirt 0.9.13
    cpe:2.3:a:redhat:libvirt:0.9.13
CVSS
Base: 3.5 (as of 08-08-2012 - 13:38)
CWE CWE-399
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication SINGLE_INSTANCE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1202.NASL
    description Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash. (CVE-2012-3445) This update also fixes the following bugs : * Previously, repeatedly migrating a guest between two machines while using the tunnelled migration could cause the libvirt daemon to lock up unexpectedly. The bug in the code for locking remote drivers has been fixed and repeated tunnelled migrations of domains now work as expected. (BZ#847946) * Previously, when certain system locales were used by the system, libvirt could issue incorrect commands to the hypervisor. This bug has been fixed and the libvirt library and daemon are no longer affected by the choice of the user locale. (BZ#847959) All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61661
    published 2012-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61661
    title CentOS 6 : libvirt (CESA-2012:1202)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120823_LIBVIRT_ON_SL6_X.NASL
    description The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash. (CVE-2012-3445) This update also fixes the following bugs : - Previously, repeatedly migrating a guest between two machines while using the tunnelled migration could cause the libvirt daemon to lock up unexpectedly. The bug in the code for locking remote drivers has been fixed and repeated tunnelled migrations of domains now work as expected. - Previously, when certain system locales were used by the system, libvirt could issue incorrect commands to the hypervisor. This bug has been fixed and the libvirt library and daemon are no longer affected by the choice of the user locale. All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61656
    published 2012-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61656
    title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-11843.NASL
    description - Rebased to version 0.9.6.2 - Fix crash in virTypedParameterArrayClear (bz 844745, bz 844734) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 61631
    published 2012-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61631
    title Fedora 16 : libvirt-0.9.6.2-1.fc16 (2012-11843)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1202.NASL
    description From Red Hat Security Advisory 2012:1202 : Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash. (CVE-2012-3445) This update also fixes the following bugs : * Previously, repeatedly migrating a guest between two machines while using the tunnelled migration could cause the libvirt daemon to lock up unexpectedly. The bug in the code for locking remote drivers has been fixed and repeated tunnelled migrations of domains now work as expected. (BZ#847946) * Previously, when certain system locales were used by the system, libvirt could issue incorrect commands to the hypervisor. This bug has been fixed and the libvirt library and daemon are no longer affected by the choice of the user locale. (BZ#847959) All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68603
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68603
    title Oracle Linux 6 : libvirt (ELSA-2012-1202)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-514.NASL
    description libvirt was updated to fix a remote denial of service which could lead to crashes in virtd.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74713
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74713
    title openSUSE Security Update : libvirt (openSUSE-SU-2012:0991-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-12523.NASL
    description - Rebased to version 0.9.11.5 - CVE-2012-3445 crash in virTypedParameterArrayClear (bz 844734) - Fix libvirt-guests (bz 843836) - Fix occasional loss of domain events in boxes (bz 819617) - Drop bogus daemon dep additions (bz 849159) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 61779
    published 2012-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61779
    title Fedora 17 : libvirt-0.9.11.5-3.fc17 (2012-12523)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1202.NASL
    description Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash. (CVE-2012-3445) This update also fixes the following bugs : * Previously, repeatedly migrating a guest between two machines while using the tunnelled migration could cause the libvirt daemon to lock up unexpectedly. The bug in the code for locking remote drivers has been fixed and repeated tunnelled migrations of domains now work as expected. (BZ#847946) * Previously, when certain system locales were used by the system, libvirt could issue incorrect commands to the hypervisor. This bug has been fixed and the libvirt library and daemon are no longer affected by the choice of the user locale. (BZ#847959) All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61654
    published 2012-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61654
    title RHEL 6 : libvirt (RHSA-2012:1202)
redhat via4
advisories
bugzilla
id 847946
title libvirtd may hang during tunneled migration
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment libvirt is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202005
      • comment libvirt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391006
    • AND
      • comment libvirt-client is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202009
      • comment libvirt-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391010
    • AND
      • comment libvirt-devel is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202007
      • comment libvirt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391008
    • AND
      • comment libvirt-lock-sanlock is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202013
      • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120748014
    • AND
      • comment libvirt-python is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202011
      • comment libvirt-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391012
rhsa
id RHSA-2012:1202
released 2012-08-23
severity Moderate
title RHSA-2012:1202: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:0.9.10-21.el6_3.4
  • libvirt-client-0:0.9.10-21.el6_3.4
  • libvirt-devel-0:0.9.10-21.el6_3.4
  • libvirt-lock-sanlock-0:0.9.10-21.el6_3.4
  • libvirt-python-0:0.9.10-21.el6_3.4
refmap via4
bid 54748
misc https://bugzilla.redhat.com/show_bug.cgi?id=844734
mlist
  • [libvirt] 20120730 [PATCH] daemon: Fix crash in virTypedParameterArrayClear
  • [oss-security] 20120731 CVE Request -- libvirt: crash in virTypedParameterArrayClear
  • [oss-security] 20120731 Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear
secunia
  • 50118
  • 50299
  • 50372
suse openSUSE-SU-2012:0991
Last major update 21-03-2013 - 23:11
Published 07-08-2012 - 17:55