ID CVE-2011-1486
Summary libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
CVSS
Base: 3.3 (as of 12-08-2011 - 02:44)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector ADJACENT_NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
cvss-vector via4 AV:A/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 693391
    title CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment libvirt is earlier than 0:0.8.2-15.el5_6.4
            oval oval:com.redhat.rhsa:tst:20110478001
          • comment libvirt is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090382002
        • AND
          • comment libvirt-devel is earlier than 0:0.8.2-15.el5_6.4
            oval oval:com.redhat.rhsa:tst:20110478003
          • comment libvirt-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090382004
        • AND
          • comment libvirt-python is earlier than 0:0.8.2-15.el5_6.4
            oval oval:com.redhat.rhsa:tst:20110478005
          • comment libvirt-python is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090382006
    rhsa
    id RHSA-2011:0478
    released 2011-05-02
    severity Moderate
    title RHSA-2011:0478: libvirt security update (Moderate)
  • bugzilla
    id 693391
    title CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment libvirt is earlier than 0:0.8.1-27.el6_0.6
            oval oval:com.redhat.rhsa:tst:20110479001
          • comment libvirt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131581002
        • AND
          • comment libvirt-client is earlier than 0:0.8.1-27.el6_0.6
            oval oval:com.redhat.rhsa:tst:20110479003
          • comment libvirt-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131581004
        • AND
          • comment libvirt-devel is earlier than 0:0.8.1-27.el6_0.6
            oval oval:com.redhat.rhsa:tst:20110479005
          • comment libvirt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131581006
        • AND
          • comment libvirt-python is earlier than 0:0.8.1-27.el6_0.6
            oval oval:com.redhat.rhsa:tst:20110479007
          • comment libvirt-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131581010
    rhsa
    id RHSA-2011:0479
    released 2011-05-02
    severity Moderate
    title RHSA-2011:0479: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:0.8.2-15.el5_6.4
  • libvirt-debuginfo-0:0.8.2-15.el5_6.4
  • libvirt-devel-0:0.8.2-15.el5_6.4
  • libvirt-python-0:0.8.2-15.el5_6.4
  • libvirt-0:0.8.1-27.el6_0.6
  • libvirt-client-0:0.8.1-27.el6_0.6
  • libvirt-debuginfo-0:0.8.1-27.el6_0.6
  • libvirt-devel-0:0.8.1-27.el6_0.6
  • libvirt-python-0:0.8.1-27.el6_0.6
refmap via4
bid 47148
confirm
debian DSA-2280
mlist [libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe
sectrack 1025477
secunia 44459
ubuntu USN-1152-1
Last major update 12-08-2011 - 02:44
Published 31-05-2011 - 20:55
Last modified 12-08-2011 - 02:44