ID CVE-2013-7336
Summary The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
References
Vulnerable Configurations
  • Red Hat libvirt 1.0.0
    cpe:2.3:a:redhat:libvirt:1.0.0
  • Red Hat libvirt 1.0.1
    cpe:2.3:a:redhat:libvirt:1.0.1
  • Red Hat libvirt 1.0.2
    cpe:2.3:a:redhat:libvirt:1.0.2
  • Red Hat libvirt 1.0.3
    cpe:2.3:a:redhat:libvirt:1.0.3
  • Red Hat libvirt 1.0.4
    cpe:2.3:a:redhat:libvirt:1.0.4
  • Red Hat libvirt 1.0.5
    cpe:2.3:a:redhat:libvirt:1.0.5
  • Red Hat libvirt 1.0.5.1
    cpe:2.3:a:redhat:libvirt:1.0.5.1
  • Red Hat libvirt 1.0.5.2
    cpe:2.3:a:redhat:libvirt:1.0.5.2
  • Red Hat libvirt 1.0.5.3
    cpe:2.3:a:redhat:libvirt:1.0.5.3
  • Red Hat libvirt 1.0.5.4
    cpe:2.3:a:redhat:libvirt:1.0.5.4
  • Red Hat libvirt 1.0.5.5
    cpe:2.3:a:redhat:libvirt:1.0.5.5
  • Red Hat libvirt 1.0.5.6
    cpe:2.3:a:redhat:libvirt:1.0.5.6
  • Red Hat libvirt 1.0.6
    cpe:2.3:a:redhat:libvirt:1.0.6
  • Red Hat libvirt 1.1.0
    cpe:2.3:a:redhat:libvirt:1.1.0
  • Red Hat libvirt 1.1.1
    cpe:2.3:a:redhat:libvirt:1.1.1
  • Red Hat libvirt 1.1.2
    cpe:2.3:a:redhat:libvirt:1.1.2
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
CVSS
Base: 1.9 (as of 31-12-2014 - 14:45)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2209-1.NASL
    description It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. (CVE-2013-6456) Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. (CVE-2013-7336). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 73940
    published 2014-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73940
    title Ubuntu 13.10 : libvirt vulnerabilities (USN-2209-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-328.NASL
    description libvirt was updated to fix various bugs and security issues : CVE-2013-7336: libvirt: unprivileged user can crash libvirtd during spice migration CVE-2013-6456: unsafe usage of paths under /proc/$PID/root Bugfixes for libvirt client killed on reboot shutdown. (bnc#852005) Also notify systemd when we are ready to accept connections.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75338
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75338
    title openSUSE Security Update : libvirt (openSUSE-SU-2014:0593-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-04 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service or cause information leakage. A local attacker may be able to escalate privileges, cause a Denial of Service or possibly execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79814
    published 2014-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79814
    title GLSA-201412-04 : libvirt: Multiple vulnerabilities
redhat via4
advisories
bugzilla
id 1014198
title Allow QoS change on the fly using updateDeviceFlags
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment libvirt is earlier than 0:0.10.2-29.el6
        oval oval:com.redhat.rhba:tst:20131581005
      • comment libvirt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581006
    • AND
      • comment libvirt-client is earlier than 0:0.10.2-29.el6
        oval oval:com.redhat.rhba:tst:20131581007
      • comment libvirt-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581008
    • AND
      • comment libvirt-devel is earlier than 0:0.10.2-29.el6
        oval oval:com.redhat.rhba:tst:20131581009
      • comment libvirt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581010
    • AND
      • comment libvirt-lock-sanlock is earlier than 0:0.10.2-29.el6
        oval oval:com.redhat.rhba:tst:20131581013
      • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581014
    • AND
      • comment libvirt-python is earlier than 0:0.10.2-29.el6
        oval oval:com.redhat.rhba:tst:20131581011
      • comment libvirt-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581012
rhsa
released 2013-11-20
severity None
title RHBA-2013:1581: libvirt bug fix and enhancement update (None)
rpms
  • libvirt-0:0.10.2-29.el6
  • libvirt-client-0:0.10.2-29.el6
  • libvirt-devel-0:0.10.2-29.el6
  • libvirt-lock-sanlock-0:0.10.2-29.el6
  • libvirt-python-0:0.10.2-29.el6
refmap via4
confirm
gentoo GLSA-201412-04
mlist
  • [oss-security] 20140318 CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration
  • [oss-security] 20140318 Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration
secunia 60895
suse openSUSE-SU-2014:0593
Last major update 02-01-2015 - 21:18
Published 07-05-2014 - 06:55
Last modified 30-10-2018 - 12:27
Back to Top