ID CVE-2014-3657
Summary The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.
References
Vulnerable Configurations
  • cpe:2.3:a:libvirt:libvirt:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libvirt:libvirt:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libvirt:libvirt:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libvirt:libvirt:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libvirt:libvirt:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libvirt:libvirt:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libvirt:libvirt:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libvirt:libvirt:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-11-2014 - 03:01)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector   Complexity   Authentication
NETWORK  LOW          NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1145667
title CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment libvirt is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352005
      • comment libvirt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581006
    • AND
      • comment libvirt-client is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352009
      • comment libvirt-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581008
    • AND
      • comment libvirt-daemon is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352023
      • comment libvirt-daemon is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914016
    • AND
      • comment libvirt-daemon-config-network is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352035
      • comment libvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914008
    • AND
      • comment libvirt-daemon-config-nwfilter is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352031
      • comment libvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914022
    • AND
      • comment libvirt-daemon-driver-interface is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352029
      • comment libvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914028
    • AND
      • comment libvirt-daemon-driver-lxc is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352021
      • comment libvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914026
    • AND
      • comment libvirt-daemon-driver-network is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352013
      • comment libvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914010
    • AND
      • comment libvirt-daemon-driver-nodedev is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352027
      • comment libvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914020
    • AND
      • comment libvirt-daemon-driver-nwfilter is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352025
      • comment libvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914038
    • AND
      • comment libvirt-daemon-driver-qemu is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352043
      • comment libvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914040
    • AND
      • comment libvirt-daemon-driver-secret is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352015
      • comment libvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914012
    • AND
      • comment libvirt-daemon-driver-storage is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352037
      • comment libvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914018
    • AND
      • comment libvirt-daemon-kvm is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352039
      • comment libvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914044
    • AND
      • comment libvirt-daemon-lxc is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352019
      • comment libvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914030
    • AND
      • comment libvirt-devel is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352011
      • comment libvirt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581010
    • AND
      • comment libvirt-docs is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352017
      • comment libvirt-docs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914032
    • AND
      • comment libvirt-lock-sanlock is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352041
      • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581014
    • AND
      • comment libvirt-login-shell is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352033
      • comment libvirt-login-shell is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914014
    • AND
      • comment libvirt-python is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352007
      • comment libvirt-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581012
rhsa
id RHSA-2014:1352
released 2014-10-01
severity Moderate
title RHSA-2014:1352: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:1.1.1-29.el7_0.3
  • libvirt-client-0:1.1.1-29.el7_0.3
  • libvirt-daemon-0:1.1.1-29.el7_0.3
  • libvirt-daemon-config-network-0:1.1.1-29.el7_0.3
  • libvirt-daemon-config-nwfilter-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-interface-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-lxc-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-network-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-nodedev-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-nwfilter-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-qemu-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-secret-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-storage-0:1.1.1-29.el7_0.3
  • libvirt-daemon-kvm-0:1.1.1-29.el7_0.3
  • libvirt-daemon-lxc-0:1.1.1-29.el7_0.3
  • libvirt-devel-0:1.1.1-29.el7_0.3
  • libvirt-docs-0:1.1.1-29.el7_0.3
  • libvirt-lock-sanlock-0:1.1.1-29.el7_0.3
  • libvirt-login-shell-0:1.1.1-29.el7_0.3
  • libvirt-python-0:1.1.1-29.el7_0.3
  • libvirt-0:0.10.2-46.el6_6.2
  • libvirt-client-0:0.10.2-46.el6_6.2
  • libvirt-devel-0:0.10.2-46.el6_6.2
  • libvirt-lock-sanlock-0:0.10.2-46.el6_6.2
  • libvirt-python-0:0.10.2-46.el6_6.2
refmap via4
confirm
secunia
  • 60291
  • 62303
suse
  • openSUSE-SU-2014:1290
  • openSUSE-SU-2014:1293
ubuntu USN-2404-1
Last major update 19-11-2014 - 03:01
Published 06-10-2014 - 14:55