Libvirt Security Notice: LSN-2012-0003

Crash of libvirt when dispatching illegal RPC procedure

Lifecycle

Reported on: 20120913
Published on: 20120724
Fixed on: 20120914

Credits

Reported by: Wenlong Huang
Patched by: Martin Kletzander

See also

Description

Sending an RPC message with an event number as the RPC procedure number could lead to the daemon accessing a NULL pointer in the RPC dispatch table.
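
The class of bug described above, as an added example that is not libvirt's code: a dispatch table indexed by procedure number, where the slot for an event number has no handler. All names and numbers are hypothetical; the block contrasts a range-only check with a lookup that also rejects empty slots.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical RPC program: all names and numbers are illustrative. */
enum { PROC_OPEN = 1, PROC_LIST = 2, PROC_EVENT_LIFECYCLE = 3, PROC_CLOSE = 4 };
enum { RPC_ERR_UNKNOWN_PROC = -1 };
#define NPROCS 5u   /* table size: highest procedure number + 1 */

typedef int (*rpc_handler)(const char *payload);

static int do_open(const char *p)  { (void)p; return PROC_OPEN; }
static int do_list(const char *p)  { (void)p; return PROC_LIST; }
static int do_close(const char *p) { (void)p; return PROC_CLOSE; }

/* Indexed by procedure number. Slot 0 and the event slot stay NULL:
 * events are only sent by the server, never called by a client. */
static const rpc_handler dispatch[NPROCS] = {
    [PROC_OPEN]  = do_open,
    [PROC_LIST]  = do_list,
    [PROC_CLOSE] = do_close,
};

/* Flawed form: the range check passes for PROC_EVENT_LIFECYCLE, so the
 * NULL slot is called and the process crashes. */
int dispatch_unchecked(unsigned int proc, const char *payload)
{
    if (proc >= NPROCS)
        return RPC_ERR_UNKNOWN_PROC;
    return dispatch[proc](payload);
}

/* Hardened form: a slot without a handler is treated like an unknown
 * procedure, so the caller gets an error reply instead of a crash. */
int dispatch_checked(unsigned int proc, const char *payload)
{
    if (proc >= NPROCS || dispatch[proc] == NULL)
        return RPC_ERR_UNKNOWN_PROC;
    return dispatch[proc](payload);
}

int main(void)
{
    /* Constructed input: every procedure number from 0 to one past the table. */
    for (unsigned int proc = 0; proc <= NPROCS; proc++)
        printf("proc %u -> %d\n", proc, dispatch_checked(proc, "payload"));
    return 0;
}
```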

Impact

A malicious client could cause the libvirtd daemon to crash, resulting in a denial of service.

Workaround

Update the UNIX socket permissions to prevent a malicious user from connecting to libvirtd.

Affected product: libvirt

Branch: master

Broken in:
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.10.0
v0.10.1
Fixed in:
v0.10.2
Broken by:
a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by:
b7ff9e696063189a715802d081d55a398663c15a

Branch: v0.8.3-maint

Broken in:
Fixed in:
Broken by:
a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by:

Branch: v0.9.6-maint

Broken in:
v0.9.6.1
v0.9.6.2
Fixed in:
v0.9.6.3
Broken by:
a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by:
c84053c2ab1c9a9b1d798285373a2572ee37aa92

Branch: v0.9.11-maint

Broken in:
v0.9.11.1
v0.9.11.2
v0.9.11.3
v0.9.11.4
v0.9.11.5
Fixed in:
v0.9.11.6
Broken by:
a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by:
b2c5a911979eaccfb6895d58cbcc4e3a200d9d61

Branch: v0.9.12-maint

Broken in:
Fixed in:
v0.9.12.1
Broken by:
a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by:
addf5e1b3160cbc91cf0f56cd97d1a38a6fb91e8
