ID CVE-2012-3445
Summary The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 22-03-2013 - 03:11)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 847946
title libvirtd may hang during tunneled migration
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment libvirt is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202005
      • comment libvirt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581006
    • AND
      • comment libvirt-client is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202009
      • comment libvirt-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581008
    • AND
      • comment libvirt-devel is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202007
      • comment libvirt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581010
    • AND
      • comment libvirt-lock-sanlock is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202013
      • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581014
    • AND
      • comment libvirt-python is earlier than 0:0.9.10-21.el6_3.4
        oval oval:com.redhat.rhsa:tst:20121202011
      • comment libvirt-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20131581012
rhsa
id RHSA-2012:1202
released 2012-08-23
severity Moderate
title RHSA-2012:1202: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:0.9.10-21.el6_3.4
  • libvirt-client-0:0.9.10-21.el6_3.4
  • libvirt-devel-0:0.9.10-21.el6_3.4
  • libvirt-lock-sanlock-0:0.9.10-21.el6_3.4
  • libvirt-python-0:0.9.10-21.el6_3.4
refmap via4
bid 54748
misc https://bugzilla.redhat.com/show_bug.cgi?id=844734
mlist
  • [libvirt] 20120730 [PATCH] daemon: Fix crash in virTypedParameterArrayClear
  • [oss-security] 20120731 CVE Request -- libvirt: crash in virTypedParameterArrayClear
  • [oss-security] 20120731 Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear
secunia
  • 50118
  • 50299
  • 50372
suse openSUSE-SU-2012:0991
Last major update 22-03-2013 - 03:11
Published 07-08-2012 - 21:55
Back to Top