CVE-2012-3445 - Resource Management Errors vulnerability in Redhat Libvirt 0.9.13

CVSS 3.5 - LOW
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, redhat, CWE-399, nessus

Summary

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.

Vulnerable Configurations

Part         Description  Count
Application  Redhat       1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-1202.NASL
    description: From Red Hat Security Advisory 2012:1202 : Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68603
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68603
    title: Oracle Linux 6 : libvirt (ELSA-2012-1202)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-12523.NASL
    description: - Rebased to version 0.9.11.5 - CVE-2012-3445 crash in virTypedParameterArrayClear (bz 844734) - Fix libvirt-guests (bz 843836) - Fix occasional loss of domain events in boxes (bz 819617) - Drop bogus daemon dep additions (bz 849159) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-09-05
    plugin id: 61779
    published: 2012-09-05
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61779
    title: Fedora 17 : libvirt-0.9.11.5-3.fc17 (2012-12523)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-11843.NASL
    description: - Rebased to version 0.9.6.2 - Fix crash in virTypedParameterArrayClear (bz 844745, bz 844734) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-08-23
    plugin id: 61631
    published: 2012-08-23
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61631
    title: Fedora 16 : libvirt-0.9.6.2-1.fc16 (2012-11843)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-1325.NASL
    description: An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) This flaw did not affect the default use of Red Hat Enterprise Virtualization Hypervisor: it is not possible to add a device that uses a virtual console back-end via Red Hat Enterprise Virtualization Manager. To specify a virtual console back-end for a device and therefore be vulnerable to this issue, the device would have to be created another way, for example, by using a VDSM hook. Note that at this time hooks can only be used on Red Hat Enterprise Linux hosts, not Red Hat Enterprise Virtualization Hypervisor. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78935
    published: 2014-11-08
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78935
    title: RHEL 6 : rhev-hypervisor6 (RHSA-2012:1325)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-514.NASL
    description: libvirt was updated to fix a remote denial of service which could lead to crashes in virtd.
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74713
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74713
    title: openSUSE Security Update : libvirt (openSUSE-SU-2012:0991-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-1202.NASL
    description: Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61654
    published: 2012-08-24
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61654
    title: RHEL 6 : libvirt (RHSA-2012:1202)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20120823_LIBVIRT_ON_SL6_X.NASL
    description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd
    last seen: 2020-03-18
    modified: 2012-08-24
    plugin id: 61656
    published: 2012-08-24
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61656
    title: Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20120823)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-1202.NASL
    description: Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61661
    published: 2012-08-27
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61661
    title: CentOS 6 : libvirt (CESA-2012:1202)

Redhat

advisories
bugzilla
id: 847946
title: libvirtd may hang during tunneled migration
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 6 is installed
      oval: oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment: libvirt-python is earlier than 0:0.9.10-21.el6_3.4
          oval: oval:com.redhat.rhsa:tst:20121202001
        • comment: libvirt-python is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20131581006
      • AND
        • comment: libvirt-client is earlier than 0:0.9.10-21.el6_3.4
          oval: oval:com.redhat.rhsa:tst:20121202003
        • comment: libvirt-client is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20131581008
      • AND
        • comment: libvirt is earlier than 0:0.9.10-21.el6_3.4
          oval: oval:com.redhat.rhsa:tst:20121202005
        • comment: libvirt is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20131581010
      • AND
        • comment: libvirt-devel is earlier than 0:0.9.10-21.el6_3.4
          oval: oval:com.redhat.rhsa:tst:20121202007
        • comment: libvirt-devel is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20131581004
      • AND
        • comment: libvirt-lock-sanlock is earlier than 0:0.9.10-21.el6_3.4
          oval: oval:com.redhat.rhsa:tst:20121202009
        • comment: libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20131581002
rhsa
id: RHSA-2012:1202
released: 2012-08-23
severity: Moderate
title: RHSA-2012:1202: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:0.9.10-21.el6_3.4
  • libvirt-client-0:0.9.10-21.el6_3.4
  • libvirt-debuginfo-0:0.9.10-21.el6_3.4
  • libvirt-devel-0:0.9.10-21.el6_3.4
  • libvirt-lock-sanlock-0:0.9.10-21.el6_3.4
  • libvirt-python-0:0.9.10-21.el6_3.4