ID CVE-2013-0170
Summary Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux:11:*:desktop:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux:11:*:desktop:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux:11:*:server:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux:11:*:server:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11.1:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11.1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11.2:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11.2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11.3:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11.3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11.4:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11.4:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11.5:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11.5:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11.6:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11.6:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11.7:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11.7:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:0.9.11.8:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:*:0.9.11.8:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 893450
title CVE-2013-0170 libvirt: use-after-free in virNetMessageFree()
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment libvirt is earlier than 0:0.9.10-21.el6_3.8
        oval oval:com.redhat.rhsa:tst:20130199005
      • comment libvirt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581006
    • AND
      • comment libvirt-client is earlier than 0:0.9.10-21.el6_3.8
        oval oval:com.redhat.rhsa:tst:20130199007
      • comment libvirt-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581008
    • AND
      • comment libvirt-devel is earlier than 0:0.9.10-21.el6_3.8
        oval oval:com.redhat.rhsa:tst:20130199011
      • comment libvirt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581010
    • AND
      • comment libvirt-lock-sanlock is earlier than 0:0.9.10-21.el6_3.8
        oval oval:com.redhat.rhsa:tst:20130199013
      • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581014
    • AND
      • comment libvirt-python is earlier than 0:0.9.10-21.el6_3.8
        oval oval:com.redhat.rhsa:tst:20130199009
      • comment libvirt-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581012
rhsa
id RHSA-2013:0199
released 2013-01-28
severity Important
title RHSA-2013:0199: libvirt security update (Important)
rpms
  • libvirt-0:0.9.10-21.el6_3.8
  • libvirt-client-0:0.9.10-21.el6_3.8
  • libvirt-devel-0:0.9.10-21.el6_3.8
  • libvirt-lock-sanlock-0:0.9.10-21.el6_3.8
  • libvirt-python-0:0.9.10-21.el6_3.8
refmap via4
bid 57578
confirm
fedora
  • FEDORA-2013-1626
  • FEDORA-2013-1642
  • FEDORA-2013-1644
osvdb 89644
sectrack 1028047
secunia
  • 52001
  • 52003
suse
  • SUSE-SU-2013:0320
  • openSUSE-SU-2013:0274
  • openSUSE-SU-2013:0275
ubuntu USN-1708-1
xf libvirt-virnetmessagefree-code-exec(81552)
Last major update 22-04-2019 - 17:48
Published 08-02-2013 - 20:55
Back to Top