Libvirt Security Notice Index > 2014 > LSN-2014-0001 [xml] [text]

Libvirt Security Notice: LSN-2014-0001

libvirtd crashes if client closes connection early

Lifecycle

Reported on:	20140109
Published on:	20131231
Fixed on:	20140113

Credits

Reported by:	Jiri Denemark
Patched by:	Jiri Denemark

See also

CVE-2014-1447

Description

When a client closes its connection to libvirtd early during virConnectOpen, more specifically just after making REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for the result, libvirtd may crash due to a race in keep-alive initialization.

Impact

A malicious unprivileged client can cause the libvirtd daemon to crash leading to a denial of service

Workaround

Disable keepalive feature in the libvirtd.conf configuration file

Affected product: libvirt

Branch: master

Broken in:: v0.9.8
v0.9.9
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.10.0
v0.10.1
v0.10.2
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2.0
Fixed in:: v1.2.1
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 066c8ef6c18bc1faf8b3e10787b39796a7a06cc0

Branch: v0.9.11-maint

Broken in:: v0.9.11.1
v0.9.11.2
v0.9.11.3
v0.9.11.4
v0.9.11.5
v0.9.11.6
v0.9.11.7
v0.9.11.8
v0.9.11.9
v0.9.11.10
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:

Branch: v0.9.12-maint

Broken in:: v0.9.12.1
v0.9.12.2
Fixed in:: v0.9.12.3
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: c385db5994842466ad3afd3ec4414dc67e41f8d3

Branch: v0.10.2-maint

Broken in:: v0.10.2.1
v0.10.2.2
v0.10.2.3
v0.10.2.4
v0.10.2.5
v0.10.2.6
v0.10.2.7
v0.10.2.8
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 35ed9796981cf7b939f28b60ca828824a0488a3a

Branch: v1.0.0-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:

Branch: v1.0.1-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:

Branch: v1.0.2-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 7fad864afa2f7137f5ebfa7874c70d2a2ca5c6b1

Branch: v1.0.3-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: b24979a12fcb8fc82b3a52159d578e7eba2ca466

Branch: v1.0.4-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 9b1e050856310ea688ba55668ffa6df31bd0d721

Branch: v1.0.5-maint

Broken in:: v1.0.5.1
v1.0.5.2
v1.0.5.3
v1.0.5.4
v1.0.5.5
v1.0.5.6
v1.0.5.7
v1.0.5.8
Fixed in:: v1.0.5.9
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 99f8d97aa7498ae06bfbefc0d4d71351d0831016

Branch: v1.0.6-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 5055fe4b2db9927f02e3ec7e86f343fcc9e87879

Branch: v1.1.0-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: c86813d5527c4e559dded3a7565dc420ac25c30e

Branch: v1.1.1-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 08672cff7b2fe789bea4ebb1fed883c93b98ea0d

Branch: v1.1.2-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 2842b103b1cd5d0872050a164b758967eb2e4be4

Branch: v1.1.3-maint

Broken in:: v1.1.3.1
v1.1.3.2
Fixed in:: v1.1.3.3
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: 8342adeffb260c564edd4d7279fcb8c3499a997f

Branch: v1.1.4-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: eb365315ac7784817769704729a69d4a82a71b50

Branch: v1.2.0-maint

Broken in:
Fixed in:
Broken by:: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by:: a19f700b642115963ce6007cf22945870c9e8616

Alternative formats: [xml] [text]

Home

Website (via DuckDuckGo) Wiki (via DuckDuckGo) Developers list Users list

Contact

email
irc

Community

Contribute

edit this page

Participants in the libvirt project agree to abide by the project code of conduct