Vulnerabilities > CVE-2013-0170 - Use After Free vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Redhat
| 31 |
OS | 3 | |
OS | 2 | |
OS | 3 | |
OS | 4 | |
OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-1626.NASL description - Rebased to version 0.9.11.9 - CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-08 plugin id 64496 published 2013-02-08 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64496 title Fedora 17 : libvirt-0.9.11.9-1.fc17 (2013-1626) NASL family Fedora Local Security Checks NASL id FEDORA_2013-1642.NASL description - Rebased to version 0.9.6.4 - CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-08 plugin id 64497 published 2013-02-08 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64497 title Fedora 16 : libvirt-0.9.6.4-1.fc16 (2013-1642) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-105.NASL description libvirt was updated to fix some bugs and security issues : Security issues fixed : - Fix crash on error paths of message dispatching, CVE-2013-0170 bnc#800976 - security: Fix libvirtd crash possibility CVE-2012-4423 bnc#780432 Also bugs were fixed : - qemu: Fix probing for guest capabilities bnc#772586 - xen-xm: Generate UUID if not specified bnc#773626 - xenParseXM: don last seen 2020-06-05 modified 2014-06-13 plugin id 74880 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74880 title openSUSE Security Update : libvirt (openSUSE-SU-2013:0274-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-108.NASL description - Update to libvirt 0.9.11.9 stable release - Fixes CVE-2013-0170 by including cherry picked master commit 46532e3e, bnc#800976 - Fix starting lxc VM e.g from OpenStack bnc#793900 and rh#858104 last seen 2020-06-05 modified 2014-06-13 plugin id 74883 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74883 title openSUSE Security Update : libvirt (openSUSE-SU-2013:0275-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0199.NASL description From Red Hat Security Advisory 2013:0199 : Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup (when a connection was being closed) under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user. (CVE-2013-0170) This issue was discovered by Tingting Zheng of Red Hat. All users of libvirt are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, libvirtd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68716 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68716 title Oracle Linux 6 : libvirt (ELSA-2013-0199) NASL family Scientific Linux Local Security Checks NASL id SL_20130128_LIBVIRT_ON_SL6_X.NASL description A flaw was found in the way libvirtd handled connection cleanup (when a connection was being closed) under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user. (CVE-2013-0170) After installing the updated packages, libvirtd will be restarted automatically. last seen 2020-03-18 modified 2013-01-29 plugin id 64282 published 2013-01-29 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64282 title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20130128) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-18.NASL description The remote host is affected by the vulnerability described in GLSA-201309-18 (libvirt: Multiple vulnerabilities) An error in the virNetMessageFree() function in rpc/virnetserverclient.c can lead to a use-after-free. Additionally, a socket leak in the remoteDispatchStoragePoolListAllVolumes command can lead to file descriptor exhaustion. Impact : A remote attacker could cause certain errors during an RPC connection to cause a message to be freed without being removed from the message queue, possibly resulting in execution of arbitrary code or a Denial of Service condition. Additionally, a remote attacker could repeatedly issue the command to list all pool volumes, causing a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70130 published 2013-09-26 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70130 title GLSA-201309-18 : libvirt: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1708-1.NASL description Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-4423) Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-0170). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64289 published 2013-01-30 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64289 title Ubuntu 12.04 LTS / 12.10 : libvirt vulnerabilities (USN-1708-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0199.NASL description Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup (when a connection was being closed) under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user. (CVE-2013-0170) This issue was discovered by Tingting Zheng of Red Hat. All users of libvirt are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, libvirtd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 64280 published 2013-01-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64280 title RHEL 6 : libvirt (RHSA-2013:0199) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0199.NASL description Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup (when a connection was being closed) under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user. (CVE-2013-0170) This issue was discovered by Tingting Zheng of Red Hat. All users of libvirt are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, libvirtd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 67096 published 2013-06-29 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67096 title CentOS 6 : libvirt (CESA-2013:0199) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBVIRT-130205.NASL description libvirt was updated to fix the following security issue : - A flaw was found in the way message freeing on connection cleanup was handled under certain error conditions. A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd or, potentially, escalate their privilages to that of libvirtd process. (CVE-2013-0170) Also following bug has been fixed : - Add managedSave functions to legacy xen driver (bnc#782311) last seen 2020-06-05 modified 2013-02-21 plugin id 64781 published 2013-02-21 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64781 title SuSE 11.2 Security Update : libvirt (SAT Patch Number 7310) NASL family Fedora Local Security Checks NASL id FEDORA_2013-1644.NASL description - Rebased to version 0.10.2.3 - Fix libxl driver to build against xen 4.2 (bz #870689) - Fix possible crash when destroying guests (bz #877110) - Fix loading sysctl file (bz #887017) - Fix svirt memory leak (bz #890039) - Fix attaching PCI netdev to VM (bz #893131) - Fix libvirtd segfault on shutdown (bz #903184) - Raise mem limit to stop qemu processes from getting OOM killed (bz #903432) - CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-06 plugin id 64477 published 2013-02-06 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64477 title Fedora 18 : libvirt-0.10.2.3-1.fc18 (2013-1644)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.securityfocus.com/bid/57578
- http://osvdb.org/89644
- http://wiki.libvirt.org/page/Maintenance_Releases
- http://secunia.com/advisories/52001
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html
- http://www.securitytracker.com/id/1028047
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html
- http://libvirt.org/news.html
- https://bugzilla.redhat.com/show_bug.cgi?id=893450
- http://secunia.com/advisories/52003
- http://rhn.redhat.com/errata/RHSA-2013-0199.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html
- http://www.ubuntu.com/usn/USN-1708-1
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81552
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720