Libvirt Security Notice: LSN-2013-0007

Crash listing inactive domains in Xen driver

Lifecycle

Reported on: 20130805
Published on: 20130805
Fixed on: 20130805

Credits

Reported by: Jim Fehlig
Patched by: Jim Fehlig

See also

Description

The legacy Xen driver code for listing inactive domains would start populating an array at index -1. This causes memory corruption leading to a crash of libvirtd

Impact

An unprivileged user can crash libvirtd by requesting a list of inactive domains on a Xen host

Workaround

Prevent untrusted users from accessing libvirtd

Affected product: libvirt

Branch master
Broken in: v1.1.1
Fixed in: v1.1.2
Broken by: 632180d14f4a4934436ee4c9ebd8f6b8feed671f
Fixed by: 0e671a1646df543eab683b38f6644f70d12fbee1
Branch v1.1.1-maint
Broken by: 632180d14f4a4934436ee4c9ebd8f6b8feed671f
Fixed by: 673ff0d7ea937b104c67161843949e83b8080c3b

Alternative formats: [xml] [text]