ID CVE-2014-1447
Summary Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
References
Vulnerable Configurations
  • Red Hat libvirt 0.0.1
    cpe:2.3:a:redhat:libvirt:0.0.1
  • Red Hat libvirt 0.0.2
    cpe:2.3:a:redhat:libvirt:0.0.2
  • Red Hat libvirt 0.0.3
    cpe:2.3:a:redhat:libvirt:0.0.3
  • Red Hat libvirt 0.0.4
    cpe:2.3:a:redhat:libvirt:0.0.4
  • Red Hat libvirt 0.0.5
    cpe:2.3:a:redhat:libvirt:0.0.5
  • Red Hat libvirt 0.0.6
    cpe:2.3:a:redhat:libvirt:0.0.6
  • Red Hat libvirt 0.1.0
    cpe:2.3:a:redhat:libvirt:0.1.0
  • Red Hat libvirt 0.1.1
    cpe:2.3:a:redhat:libvirt:0.1.1
  • Red Hat libvirt 0.1.3
    cpe:2.3:a:redhat:libvirt:0.1.3
  • Red Hat libvirt 0.1.4
    cpe:2.3:a:redhat:libvirt:0.1.4
  • Red Hat libvirt 0.1.5
    cpe:2.3:a:redhat:libvirt:0.1.5
  • Red Hat libvirt 0.1.6
    cpe:2.3:a:redhat:libvirt:0.1.6
  • Red Hat libvirt 0.1.7
    cpe:2.3:a:redhat:libvirt:0.1.7
  • Red Hat libvirt 0.1.8
    cpe:2.3:a:redhat:libvirt:0.1.8
  • Red Hat libvirt 0.1.9
    cpe:2.3:a:redhat:libvirt:0.1.9
  • Red Hat libvirt 0.10.0
    cpe:2.3:a:redhat:libvirt:0.10.0
  • Red Hat libvirt 0.10.1
    cpe:2.3:a:redhat:libvirt:0.10.1
  • Red Hat libvirt 0.10.2
    cpe:2.3:a:redhat:libvirt:0.10.2
  • Red Hat libvirt 0.10.2.1
    cpe:2.3:a:redhat:libvirt:0.10.2.1
  • Red Hat libvirt 0.10.2.2
    cpe:2.3:a:redhat:libvirt:0.10.2.2
  • Red Hat libvirt 0.10.2.3
    cpe:2.3:a:redhat:libvirt:0.10.2.3
  • Red Hat libvirt 0.10.2.4
    cpe:2.3:a:redhat:libvirt:0.10.2.4
  • Red Hat libvirt 0.10.2.5
    cpe:2.3:a:redhat:libvirt:0.10.2.5
  • Red Hat libvirt 0.10.2.6
    cpe:2.3:a:redhat:libvirt:0.10.2.6
  • Red Hat libvirt 0.10.2.7
    cpe:2.3:a:redhat:libvirt:0.10.2.7
  • Red Hat libvirt 0.10.2.8
    cpe:2.3:a:redhat:libvirt:0.10.2.8
  • Red Hat libvirt 0.2.0
    cpe:2.3:a:redhat:libvirt:0.2.0
  • Red Hat libvirt 0.2.1
    cpe:2.3:a:redhat:libvirt:0.2.1
  • Red Hat libvirt 0.2.2
    cpe:2.3:a:redhat:libvirt:0.2.2
  • Red Hat libvirt 0.2.3
    cpe:2.3:a:redhat:libvirt:0.2.3
  • Red Hat libvirt 0.3.0
    cpe:2.3:a:redhat:libvirt:0.3.0
  • Red Hat libvirt 0.3.1
    cpe:2.3:a:redhat:libvirt:0.3.1
  • Red Hat libvirt 0.3.2
    cpe:2.3:a:redhat:libvirt:0.3.2
  • Red Hat libvirt 0.3.3
    cpe:2.3:a:redhat:libvirt:0.3.3
  • Red Hat libvirt 0.4.0
    cpe:2.3:a:redhat:libvirt:0.4.0
  • Red Hat libvirt 0.4.1
    cpe:2.3:a:redhat:libvirt:0.4.1
  • Red Hat libvirt 0.4.2
    cpe:2.3:a:redhat:libvirt:0.4.2
  • Red Hat libvirt 0.4.3
    cpe:2.3:a:redhat:libvirt:0.4.3
  • Red Hat libvirt 0.4.4
    cpe:2.3:a:redhat:libvirt:0.4.4
  • Red Hat libvirt 0.4.5
    cpe:2.3:a:redhat:libvirt:0.4.5
  • Red Hat libvirt 0.4.6
    cpe:2.3:a:redhat:libvirt:0.4.6
  • Red Hat libvirt 0.5.0
    cpe:2.3:a:redhat:libvirt:0.5.0
  • Red Hat libvirt 0.5.1
    cpe:2.3:a:redhat:libvirt:0.5.1
  • Red Hat libvirt 0.6.0
    cpe:2.3:a:redhat:libvirt:0.6.0
  • Red Hat libvirt 0.6.1
    cpe:2.3:a:redhat:libvirt:0.6.1
  • Red Hat libvirt 0.6.2
    cpe:2.3:a:redhat:libvirt:0.6.2
  • Red Hat libvirt 0.6.3
    cpe:2.3:a:redhat:libvirt:0.6.3
  • Red Hat libvirt 0.6.4
    cpe:2.3:a:redhat:libvirt:0.6.4
  • Red Hat libvirt 0.6.5
    cpe:2.3:a:redhat:libvirt:0.6.5
  • Red Hat libvirt 0.7.0
    cpe:2.3:a:redhat:libvirt:0.7.0
  • Red Hat libvirt 0.7.1
    cpe:2.3:a:redhat:libvirt:0.7.1
  • Red Hat libvirt 0.7.2
    cpe:2.3:a:redhat:libvirt:0.7.2
  • Red Hat libvirt 0.7.3
    cpe:2.3:a:redhat:libvirt:0.7.3
  • Red Hat libvirt 0.7.4
    cpe:2.3:a:redhat:libvirt:0.7.4
  • Red Hat libvirt 0.7.5
    cpe:2.3:a:redhat:libvirt:0.7.5
  • Red Hat libvirt 0.7.6
    cpe:2.3:a:redhat:libvirt:0.7.6
  • Red Hat libvirt 0.7.7
    cpe:2.3:a:redhat:libvirt:0.7.7
  • Red Hat libvirt 0.8.0
    cpe:2.3:a:redhat:libvirt:0.8.0
  • Red Hat libvirt 0.8.1
    cpe:2.3:a:redhat:libvirt:0.8.1
  • Red Hat libvirt 0.8.2
    cpe:2.3:a:redhat:libvirt:0.8.2
  • Red Hat libvirt 0.8.3
    cpe:2.3:a:redhat:libvirt:0.8.3
  • Red Hat libvirt 0.8.4
    cpe:2.3:a:redhat:libvirt:0.8.4
  • Red Hat libvirt 0.8.5
    cpe:2.3:a:redhat:libvirt:0.8.5
  • Red Hat libvirt 0.8.6
    cpe:2.3:a:redhat:libvirt:0.8.6
  • Red Hat libvirt 0.8.7
    cpe:2.3:a:redhat:libvirt:0.8.7
  • Red Hat libvirt 0.8.8
    cpe:2.3:a:redhat:libvirt:0.8.8
  • Red Hat libvirt 0.9.0
    cpe:2.3:a:redhat:libvirt:0.9.0
  • Red Hat libvirt 0.9.1
    cpe:2.3:a:redhat:libvirt:0.9.1
  • Red Hat libvirt 0.9.10
    cpe:2.3:a:redhat:libvirt:0.9.10
  • Red Hat libvirt 0.9.11
    cpe:2.3:a:redhat:libvirt:0.9.11
  • Red Hat libvirt 0.9.11.1
    cpe:2.3:a:redhat:libvirt:0.9.11.1
  • Red Hat libvirt 0.9.11.2
    cpe:2.3:a:redhat:libvirt:0.9.11.2
  • Red Hat libvirt 0.9.11.3
    cpe:2.3:a:redhat:libvirt:0.9.11.3
  • Red Hat libvirt 0.9.11.4
    cpe:2.3:a:redhat:libvirt:0.9.11.4
  • Red Hat libvirt 0.9.11.5
    cpe:2.3:a:redhat:libvirt:0.9.11.5
  • Red Hat libvirt 0.9.11.6
    cpe:2.3:a:redhat:libvirt:0.9.11.6
  • Red Hat libvirt 0.9.11.7
    cpe:2.3:a:redhat:libvirt:0.9.11.7
  • Red Hat libvirt 0.9.11.8
    cpe:2.3:a:redhat:libvirt:0.9.11.8
  • Red Hat libvirt 0.9.12
    cpe:2.3:a:redhat:libvirt:0.9.12
  • Red Hat libvirt 0.9.13
    cpe:2.3:a:redhat:libvirt:0.9.13
  • Red Hat libvirt 0.9.2
    cpe:2.3:a:redhat:libvirt:0.9.2
  • Red Hat libvirt 0.9.3
    cpe:2.3:a:redhat:libvirt:0.9.3
  • Red Hat libvirt 0.9.4
    cpe:2.3:a:redhat:libvirt:0.9.4
  • Red Hat libvirt 0.9.5
    cpe:2.3:a:redhat:libvirt:0.9.5
  • Red Hat libvirt 0.9.6
    cpe:2.3:a:redhat:libvirt:0.9.6
  • Red Hat libvirt 0.9.6.1
    cpe:2.3:a:redhat:libvirt:0.9.6.1
  • Red Hat libvirt 0.9.6.2
    cpe:2.3:a:redhat:libvirt:0.9.6.2
  • Red Hat libvirt 0.9.6.3
    cpe:2.3:a:redhat:libvirt:0.9.6.3
  • Red Hat libvirt 0.9.7
    cpe:2.3:a:redhat:libvirt:0.9.7
  • Red Hat libvirt 0.9.8
    cpe:2.3:a:redhat:libvirt:0.9.8
  • Red Hat libvirt 0.9.9
    cpe:2.3:a:redhat:libvirt:0.9.9
  • Red Hat libvirt 1.0.0
    cpe:2.3:a:redhat:libvirt:1.0.0
  • Red Hat libvirt 1.0.1
    cpe:2.3:a:redhat:libvirt:1.0.1
  • Red Hat libvirt 1.0.2
    cpe:2.3:a:redhat:libvirt:1.0.2
  • Red Hat libvirt 1.0.3
    cpe:2.3:a:redhat:libvirt:1.0.3
  • Red Hat libvirt 1.0.4
    cpe:2.3:a:redhat:libvirt:1.0.4
  • Red Hat libvirt 1.0.5
    cpe:2.3:a:redhat:libvirt:1.0.5
  • Red Hat libvirt 1.0.5.1
    cpe:2.3:a:redhat:libvirt:1.0.5.1
  • Red Hat libvirt 1.0.5.2
    cpe:2.3:a:redhat:libvirt:1.0.5.2
  • Red Hat libvirt 1.0.5.3
    cpe:2.3:a:redhat:libvirt:1.0.5.3
  • Red Hat libvirt 1.0.5.4
    cpe:2.3:a:redhat:libvirt:1.0.5.4
  • Red Hat libvirt 1.0.5.5
    cpe:2.3:a:redhat:libvirt:1.0.5.5
  • Red Hat libvirt 1.0.5.6
    cpe:2.3:a:redhat:libvirt:1.0.5.6
  • Red Hat libvirt 1.0.6
    cpe:2.3:a:redhat:libvirt:1.0.6
  • Red Hat libvirt 1.1.0
    cpe:2.3:a:redhat:libvirt:1.1.0
  • Red Hat libvirt 1.1.1
    cpe:2.3:a:redhat:libvirt:1.1.1
  • Red Hat libvirt 1.1.2
    cpe:2.3:a:redhat:libvirt:1.1.2
  • Red Hat libvirt 1.1.3
    cpe:2.3:a:redhat:libvirt:1.1.3
  • Red Hat libvirt 1.1.4
    cpe:2.3:a:redhat:libvirt:1.1.4
  • Red Hat libvirt 1.2.0
    cpe:2.3:a:redhat:libvirt:1.2.0
CVSS
Base: 3.3 (as of 31-12-2014 - 14:48)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
  • Vector ADJACENT_NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0103.NASL
    description From Red Hat Security Advisory 2014:0103 : Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : * A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. (BZ#1055578) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 72195
    published 2014-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72195
    title Oracle Linux 6 : libvirt (ELSA-2014-0103)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2846.NASL
    description Multiple security issues have been found in Libvirt, a virtualisation abstraction library : - CVE-2013-6458 It was discovered that insecure job usage could lead to denial of service against libvirtd. - CVE-2014-1447 It was discovered that a race condition in keepalive handling could lead to denial of service against libvirtd.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72011
    published 2014-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72011
    title Debian DSA-2846-1 : libvirt - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2093-1.NASL
    description Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. (CVE-2013-6436) Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. (CVE-2013-6457) It was discovered that libvirt contained multiple race conditions in block device handling. A remote read-only user could use this flaw to cause libvirtd to crash, resulting in a denial of service. (CVE-2013-6458) Eric Blake discovered that libvirt incorrectly handled certain ACLs. An attacker could use this flaw to possibly obtain certain sensitive information. This issue only affected Ubuntu 13.10. (CVE-2014-0028) Jiri Denemark discovered that libvirt incorrectly handled keepalives. A remote attacker could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. (CVE-2014-1447). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 72232
    published 2014-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72232
    title Ubuntu 12.04 LTS / 12.10 / 13.10 : libvirt vulnerabilities (USN-2093-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-151.NASL
    description This update fixes the following security issues with libvirt : - bnc#857492: Fix libvirtd crash when hot-plugging disks for qemu domains (CVE-2013-6458) - bnc#858817: Don't crash if a connection closes early (CVE-2014-1447)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75263
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75263
    title openSUSE Security Update : libvirt (openSUSE-SU-2014:0270-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0103.NASL
    description Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : * A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. (BZ#1055578) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72196
    published 2014-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72196
    title RHEL 6 : libvirt (RHSA-2014:0103)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-154.NASL
    description This update fixes the following security and non security issues with libvirt : - bnc#857492: Fix libvirtd crash when hot-plugging disks for qemu domains (CVE-2013-6458) - bnc#858817: Don't crash if a connection closes early (CVE-2014-1447) - bnc#858824: avoid crashing libvirtd when calling `virsh numatune' on inactive Xen libxl domain (CVE-2013-6457) - bnc#859051: filter global events by domain:getattr ACL (CVE-2014-0028) - bnc#817407: Add CAP_SYS_PACCT capability to libvirtd AppArmor profile - bnc#859041: Following the upstream pattern, introduce the daemon-config-network subpackage to handle defining the default network - bnc#857271: Fix initialization of emulated NICs - bnc#857271: Fix potential segfault in libxl driver when domain create fails
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75266
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75266
    title openSUSE Security Update : libvirt (openSUSE-SU-2014:0268-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0103.NASL
    description Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : * A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. (BZ#1055578) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72205
    published 2014-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72205
    title CentOS 6 : libvirt (CESA-2014:0103)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140128_LIBVIRT_ON_SL6_X.NASL
    description A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : - A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 72197
    published 2014-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72197
    title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-04 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service or cause information leakage. A local attacker may be able to escalate privileges, cause a Denial of Service or possibly execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79814
    published 2014-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79814
    title GLSA-201412-04 : libvirt: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBVIRT-140211.NASL
    description This update fixes the following one non-security and two security issues with libvirt : - Fixing device assignment problem with Broadcom 57810 NIC to Guest OS. (bnc#817407) - qemu job usage issue in several API leading to libvirtd crash. (CVE-2013-6458). (bnc#857492) - denial of service with keepalive (CVE-2014-1447). (bnc#858817)
    last seen 2019-02-21
    modified 2014-03-04
    plugin id 72769
    published 2014-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72769
    title SuSE 11.3 Security Update : libvirt (SAT Patch Number 8886)
redhat via4
advisories
bugzilla
id 1055578
title bidirectional VMs migration between 2 hosts fail on VM doesn't exist / fatal error
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment libvirt is earlier than 0:0.10.2-29.el6_5.3
        oval oval:com.redhat.rhsa:tst:20140103005
      • comment libvirt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391006
    • AND
      • comment libvirt-client is earlier than 0:0.10.2-29.el6_5.3
        oval oval:com.redhat.rhsa:tst:20140103007
      • comment libvirt-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391010
    • AND
      • comment libvirt-devel is earlier than 0:0.10.2-29.el6_5.3
        oval oval:com.redhat.rhsa:tst:20140103011
      • comment libvirt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391008
    • AND
      • comment libvirt-lock-sanlock is earlier than 0:0.10.2-29.el6_5.3
        oval oval:com.redhat.rhsa:tst:20140103013
      • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120748014
    • AND
      • comment libvirt-python is earlier than 0:0.10.2-29.el6_5.3
        oval oval:com.redhat.rhsa:tst:20140103009
      • comment libvirt-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391012
rhsa
id RHSA-2014:0103
released 2014-01-28
severity Moderate
title RHSA-2014:0103: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:0.10.2-29.el6_5.3
  • libvirt-client-0:0.10.2-29.el6_5.3
  • libvirt-devel-0:0.10.2-29.el6_5.3
  • libvirt-lock-sanlock-0:0.10.2-29.el6_5.3
  • libvirt-python-0:0.10.2-29.el6_5.3
refmap via4
confirm
debian DSA-2846
gentoo GLSA-201412-04
sectrack 1029695
secunia
  • 56321
  • 56446
  • 60895
suse
  • openSUSE-SU-2014:0268
  • openSUSE-SU-2014:0270
ubuntu USN-2093-1
Last major update 02-01-2015 - 20:44
Published 24-01-2014 - 13:55