Libvirt Security Notice: LSN-2013-0013

Crash of libvirtd when ACLs are active and events registered

Lifecycle

Reported on: 20131002
Published on: 20130927
Fixed on: 20130927

Credits

Reported by: Zhenfang Wang
Patched by: Daniel Berrange

See also

Description

When a connection to libvirtd is closed any event handlers registered must be removed. When ACLs were active no identity was set when removing the event handlers, so the operation was denied. Thus event handlers remained connected to a client that had been freed.

Impact

An unprivileged user can cause a crash of the libvirtd daemon when ACLs are active by registering one or more event handlers. This leads to a denial of service.

Workaround

Remove access from unprivileged local users or block access to the event APIs using ACLs

Affected product: libvirt

Branch master
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Fixed in: v1.1.3
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 8294aa0c1750dcb49d6345cd9bd97bf421580d8b
Branch v1.1.0-maint
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 03288d0de6894e18c9be187e2ace0cc50f15ceaa
Branch v1.1.1-maint
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 966025b1c6a6c0043c4d1c5f0c9ba218e3fe113b
Branch v1.1.2-maint
Broken by: ed3bac713c3cfc055ef551cbfe92a061084382c3
Fixed by: 841284a04895f3fc4c5ae9073e33a6130776efa7

Alternative formats: [xml] [text]