Vulnerabilities > CVE-2012-3445 - Resource Management Errors vulnerability in Redhat Libvirt 0.9.13
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1202.NASL description From Red Hat Security Advisory 2012:1202 : Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd last seen 2020-06-01 modified 2020-06-02 plugin id 68603 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68603 title Oracle Linux 6 : libvirt (ELSA-2012-1202) NASL family Fedora Local Security Checks NASL id FEDORA_2012-12523.NASL description - Rebased to version 0.9.11.5 - CVE-2012-3445 crash in virTypedParameterArrayClear (bz 844734) - Fix libvirt-guests (bz 843836) - Fix occasional loss of domain events in boxes (bz 819617) - Drop bogus daemon dep additions (bz 849159) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-09-05 plugin id 61779 published 2012-09-05 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61779 title Fedora 17 : libvirt-0.9.11.5-3.fc17 (2012-12523) NASL family Fedora Local Security Checks NASL id FEDORA_2012-11843.NASL description - Rebased to version 0.9.6.2 - Fix crash in virTypedParameterArrayClear (bz 844745, bz 844734) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-08-23 plugin id 61631 published 2012-08-23 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61631 title Fedora 16 : libvirt-0.9.6.2-1.fc16 (2012-11843) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1325.NASL description An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) This flaw did not affect the default use of Red Hat Enterprise Virtualization Hypervisor: it is not possible to add a device that uses a virtual console back-end via Red Hat Enterprise Virtualization Manager. To specify a virtual console back-end for a device and therefore be vulnerable to this issue, the device would have to be created another way, for example, by using a VDSM hook. Note that at this time hooks can only be used on Red Hat Enterprise Linux hosts, not Red Hat Enterprise Virtualization Hypervisor. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 78935 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78935 title RHEL 6 : rhev-hypervisor6 (RHSA-2012:1325) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-514.NASL description libvirt was updated to fix a remote denial of service which could lead to crashes in virtd. last seen 2020-06-05 modified 2014-06-13 plugin id 74713 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74713 title openSUSE Security Update : libvirt (openSUSE-SU-2012:0991-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1202.NASL description Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd last seen 2020-06-01 modified 2020-06-02 plugin id 61654 published 2012-08-24 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61654 title RHEL 6 : libvirt (RHSA-2012:1202) NASL family Scientific Linux Local Security Checks NASL id SL_20120823_LIBVIRT_ON_SL6_X.NASL description The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd last seen 2020-03-18 modified 2012-08-24 plugin id 61656 published 2012-08-24 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61656 title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20120823) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1202.NASL description Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd last seen 2020-06-01 modified 2020-06-02 plugin id 61661 published 2012-08-27 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61661 title CentOS 6 : libvirt (CESA-2012:1202)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html
- http://rhn.redhat.com/errata/RHSA-2012-1202.html
- http://secunia.com/advisories/50118
- http://secunia.com/advisories/50299
- http://secunia.com/advisories/50372
- http://www.openwall.com/lists/oss-security/2012/07/31/4
- http://www.openwall.com/lists/oss-security/2012/07/31/7
- http://www.securityfocus.com/bid/54748
- https://bugzilla.redhat.com/show_bug.cgi?id=844734
- https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html