Libvirt Security Notice: LSN-2013-0002

Leak of file descriptors when listing storage volumes

Lifecycle

Reported on: 20130412
Published on: 20130516
Fixed on: 20130516

Credits

Reported by: Ján Tomko
Patched by: Ján Tomko

See also

Description

When listing storage volumes, an object was not freed, which caused a libvirt connection to be kept open inside libvirtd. Each such leaked connection held file descriptors that were never closed, so the leak would eventually exhaust the allowed range.

Impact

A client with a read-only connection to libvirtd can cause exhaustion of all file descriptors in libvirtd, resulting in a denial of service.

Workaround

Prevent untrusted users from accessing libvirtd.
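
For hosts that cannot be upgraded immediately, the descriptor exhaustion described under Impact can be watched for from outside the daemon. The following is an added monitoring example, not code from libvirt or from this notice: the function names, the 0.8 warning ratio, the rising-baseline heuristic and the sample data are all assumptions made for illustration.

```python
import os
import re

# Constructed sample of /proc/<pid>/limits text (not captured from a real host).
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max processes             62834                62834                processes
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
"""

def soft_nofile_limit(limits_text):
    """Return the soft 'Max open files' value from /proc/<pid>/limits text."""
    m = re.search(r"^Max open files\s+(\d+)", limits_text, re.M)
    if not m:
        raise ValueError("no numeric 'Max open files' line found")
    return int(m.group(1))

def sample_pid(pid):
    """Linux only: (open descriptor count, soft limit) of a running process.
    Reading /proc/<pid>/fd of a root-owned daemon such as libvirtd needs root."""
    with open(f"/proc/{pid}/limits") as fh:
        limit = soft_nofile_limit(fh.read())
    return len(os.listdir(f"/proc/{pid}/fd")), limit

def assess_fd_samples(samples, limit, warn_ratio=0.8):
    """samples: [(unix_time, open_fd_count), ...], oldest first, at least two.

    Heuristic (an assumption of this example): a leak is suspected when the
    count grew over the window AND its baseline rose, i.e. the lowest count
    in the newer half is above the lowest count in the older half. Normal
    load also opens descriptors, but it gives them back, so the baseline
    returns to where it was.
    """
    if len(samples) < 2 or samples[-1][0] <= samples[0][0]:
        raise ValueError("need two or more samples with increasing timestamps")
    (t0, n0), (t1, n1) = samples[0], samples[-1]
    rate = (n1 - n0) / (t1 - t0)              # descriptors per second
    half = len(samples) // 2
    older = [n for _, n in samples[:half]]
    newer = [n for _, n in samples[half:]]
    leak = rate > 0 and min(newer) > min(older)
    return {
        "ratio": n1 / limit,                  # share of the limit in use now
        "near_limit": n1 / limit >= warn_ratio,
        "leak_suspected": leak,
        # Linear estimate of time left before the soft limit is reached.
        "seconds_to_limit": (limit - n1) / rate if leak else None,
    }
```

Feed `assess_fd_samples` with periodic `sample_pid` readings of the libvirtd process and alert on `leak_suspected` or `near_limit`.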

Affected product: libvirt

Branch: master

Broken in:
v0.10.2
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
Fixed in:
v1.0.6
Broken by:
a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
Fixed by:
ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739

Branch: v0.10.2-maint

Broken in:
v0.10.2.1
v0.10.2.2
v0.10.2.3
v0.10.2.4
Fixed in:
v0.10.2.5
Broken by:
a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
Fixed by:
0f2eda0da9efd25b280c23a5a0d0fdf46f0c3c67

Branch: v1.0.0-maint

Broken in:
Fixed in:
Broken by:
a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
Fixed by:

Branch: v1.0.1-maint

Broken in:
Fixed in:
Broken by:
a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
Fixed by:

Branch: v1.0.2-maint

Broken in:
Fixed in:
Broken by:
a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
Fixed by:
89c74908954ede64756faaf6f3e6ebc0d425c6f9

Branch: v1.0.3-maint

Broken in:
Fixed in:
Broken by:
a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
Fixed by:
7d5e3f026603d7e6d78254e972332fdd6b234863

Branch: v1.0.4-maint

Broken in:
Fixed in:
Broken by:
a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
Fixed by:
24317824e01013209157a58f6130eecb873a3fba

Branch: v1.0.5-maint

Broken in:
Fixed in:
v1.0.5.1
Broken by:
a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
Fixed by:
71e7f1392bbc42699b79adcbe8bb34d32cb8e442
