Libvirt Security Notice: LSN-2012-0003
======================================

Summary: Crash of libvirt when dispatching illegal RPC procedure
Reported on: 20120913
Published on: 20120724
Fixed on: 20120914
Reported by: Wenlong Huang
Patched by: Martin Kletzander
See also: CVE-2012-4423

Description
-----------

Sending an RPC message with an event number as the RPC procedure number
could lead to the daemon accessing a NULL pointer in the RPC dispatch
table.

Impact
------

A malicious client could cause the libvirtd daemon to crash, resulting
in a denial of service attack.

Workaround
----------

Update the UNIX socket permissions to prevent a malicious user from
connecting to libvirtd.

Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

Branch: master
Broken in: v0.7.0
Broken in: v0.7.1
Broken in: v0.7.2
Broken in: v0.7.3
Broken in: v0.7.4
Broken in: v0.7.5
Broken in: v0.7.6
Broken in: v0.7.7
Broken in: v0.8.0
Broken in: v0.8.1
Broken in: v0.8.2
Broken in: v0.8.3
Broken in: v0.8.4
Broken in: v0.8.5
Broken in: v0.8.6
Broken in: v0.8.7
Broken in: v0.8.8
Broken in: v0.9.0
Broken in: v0.9.1
Broken in: v0.9.2
Broken in: v0.9.3
Broken in: v0.9.4
Broken in: v0.9.5
Broken in: v0.9.6
Broken in: v0.9.7
Broken in: v0.9.8
Broken in: v0.9.9
Broken in: v0.9.10
Broken in: v0.9.11
Broken in: v0.9.12
Broken in: v0.9.13
Broken in: v0.10.0
Broken in: v0.10.1
Fixed in: v0.10.2
Broken by: a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by: b7ff9e696063189a715802d081d55a398663c15a

Branch: v0.8.3-maint
Broken by: a147ef38374f17c3d02b7db8e857ca33c5c346f9

Branch: v0.9.6-maint
Broken in: v0.9.6.1
Broken in: v0.9.6.2
Fixed in: v0.9.6.3
Broken by: a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by: c84053c2ab1c9a9b1d798285373a2572ee37aa92

Branch: v0.9.11-maint
Broken in: v0.9.11.1
Broken in: v0.9.11.2
Broken in: v0.9.11.3
Broken in: v0.9.11.4
Broken in: v0.9.11.5
Fixed in: v0.9.11.6
Broken by: a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by: b2c5a911979eaccfb6895d58cbcc4e3a200d9d61

Branch: v0.9.12-maint
Fixed in: v0.9.12.1
Broken by: a147ef38374f17c3d02b7db8e857ca33c5c346f9
Fixed by: addf5e1b3160cbc91cf0f56cd97d1a38a6fb91e8
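
The failure mode in the Description, as an added example that is not libvirt's code: a simplified dispatch table in which an event number occupies a slot with no handler, with a bounds-only lookup beside a lookup that also rejects handler-less slots. All names (`rpc_proc`, `lookup_bounds_only`, `lookup_checked`, `dispatch`) and the table contents are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of an RPC dispatch table. All names are hypothetical;
 * this is not libvirt's code. */
typedef int (*rpc_handler)(const char *payload);
struct rpc_proc { rpc_handler func; const char *name; };

int handle_open(const char *p)  { (void)p; return 0; }
int handle_close(const char *p) { (void)p; return 0; }

/* The procedure number indexes the table. Slot 2 stands for an event:
 * the server sends it, clients never call it, so it has no handler. */
const struct rpc_proc procs[] = {
    { NULL,         "unused" },
    { handle_open,  "open" },
    { NULL,         "event" },
    { handle_close, "close" },
};
#define NPROCS (sizeof(procs) / sizeof(procs[0]))
#define ERR_UNKNOWN_PROC (-1)

/* Flawed lookup: a bounds check alone still hands back the event slot,
 * whose func is NULL. */
const struct rpc_proc *lookup_bounds_only(unsigned int n)
{
    return n < NPROCS ? &procs[n] : NULL;
}

/* Hardened lookup: a slot without a handler is treated as unknown. */
const struct rpc_proc *lookup_checked(unsigned int n)
{
    if (n >= NPROCS || procs[n].func == NULL)
        return NULL;
    return &procs[n];
}

/* Dispatch returns an error for unknown procedures instead of calling
 * through a NULL function pointer. */
int dispatch(unsigned int n, const char *payload)
{
    const struct rpc_proc *proc = lookup_checked(n);
    return proc ? proc->func(payload) : ERR_UNKNOWN_PROC;
}

int main(void)
{
    for (unsigned int n = 0; n < 6; n++)
        printf("proc %u -> %d\n", n, dispatch(n, ""));
    return 0;
}
```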