Libvirt Security Notice: LSN-2014-0001

libvirtd crashes if client closes connection early

Lifecycle

Reported on: 20140109
Published on: 20131231
Fixed on: 20140113

Credits

Reported by: Jiri Denemark
Patched by: Jiri Denemark

See also

Description

When a client closes its connection to libvirtd early during virConnectOpen, specifically just after making the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check whether VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported and without waiting for the result, libvirtd may crash due to a race in keep-alive initialization.

Impact

A malicious unprivileged client can cause the libvirtd daemon to crash, leading to a denial of service.

Workaround

Disable the keepalive feature in the libvirtd.conf configuration file.

Affected product: libvirt

Branch master
Broken in: v0.9.8
Broken in: v0.9.9
Broken in: v0.9.10
Broken in: v0.9.11
Broken in: v0.9.12
Broken in: v0.9.13
Broken in: v0.10.0
Broken in: v0.10.1
Broken in: v0.10.2
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Broken in: v1.1.3
Broken in: v1.1.4
Broken in: v1.2.0
Fixed in: v1.2.1
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
Branch v0.9.11-maint
Broken in: v0.9.11.1
Broken in: v0.9.11.2
Broken in: v0.9.11.3
Broken in: v0.9.11.4
Broken in: v0.9.11.5
Broken in: v0.9.11.6
Broken in: v0.9.11.7
Broken in: v0.9.11.8
Broken in: v0.9.11.9
Broken in: v0.9.11.10
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Branch v0.9.12-maint
Broken in: v0.9.12.1
Broken in: v0.9.12.2
Fixed in: v0.9.12.3
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: c385db5994842466ad3afd3ec4414dc67e41f8d3
Branch v0.10.2-maint
Broken in: v0.10.2.1
Broken in: v0.10.2.2
Broken in: v0.10.2.3
Broken in: v0.10.2.4
Broken in: v0.10.2.5
Broken in: v0.10.2.6
Broken in: v0.10.2.7
Broken in: v0.10.2.8
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 35ed9796981cf7b939f28b60ca828824a0488a3a
Branch v1.0.2-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 7fad864afa2f7137f5ebfa7874c70d2a2ca5c6b1
Branch v1.0.3-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: b24979a12fcb8fc82b3a52159d578e7eba2ca466
Branch v1.0.4-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 9b1e050856310ea688ba55668ffa6df31bd0d721
Branch v1.0.5-maint
Broken in: v1.0.5.1
Broken in: v1.0.5.2
Broken in: v1.0.5.3
Broken in: v1.0.5.4
Broken in: v1.0.5.5
Broken in: v1.0.5.6
Broken in: v1.0.5.7
Broken in: v1.0.5.8
Fixed in: v1.0.5.9
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 99f8d97aa7498ae06bfbefc0d4d71351d0831016
Branch v1.0.6-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 5055fe4b2db9927f02e3ec7e86f343fcc9e87879
Branch v1.1.0-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: c86813d5527c4e559dded3a7565dc420ac25c30e
Branch v1.1.1-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 08672cff7b2fe789bea4ebb1fed883c93b98ea0d
Branch v1.1.2-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 2842b103b1cd5d0872050a164b758967eb2e4be4
Branch v1.1.3-maint
Broken in: v1.1.3.1
Broken in: v1.1.3.2
Fixed in: v1.1.3.3
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 8342adeffb260c564edd4d7279fcb8c3499a997f
Branch v1.1.4-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: eb365315ac7784817769704729a69d4a82a71b50
Branch v1.2.0-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: a19f700b642115963ce6007cf22945870c9e8616
