Vulnerabilities > CVE-2013-6458 - Race Condition vulnerability in Redhat Libvirt
Attack vector
ADJACENT_NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20140128_LIBVIRT_ON_SL6_X.NASL description A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read- only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : - A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. After installing the updated packages, libvirtd will be restarted automatically. last seen 2020-03-18 modified 2014-01-29 plugin id 72197 published 2014-01-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72197 title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20140128) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(72197); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2013-6458", "CVE-2014-1447"); script_name(english:"Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20140128)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read- only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : - A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. After installing the updated packages, libvirtd will be restarted automatically." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1401&L=scientific-linux-errata&T=0&P=1355 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f1b5f4d4" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-python"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/24"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"libvirt-0.10.2-29.el6_5.3")) flag++; if (rpm_check(release:"SL6", reference:"libvirt-client-0.10.2-29.el6_5.3")) flag++; if (rpm_check(release:"SL6", reference:"libvirt-debuginfo-0.10.2-29.el6_5.3")) flag++; if (rpm_check(release:"SL6", reference:"libvirt-devel-0.10.2-29.el6_5.3")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"libvirt-lock-sanlock-0.10.2-29.el6_5.3")) flag++; if (rpm_check(release:"SL6", reference:"libvirt-python-0.10.2-29.el6_5.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-debuginfo / libvirt-devel / etc"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-04.NASL description The remote host is affected by the vulnerability described in GLSA-201412-04 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service or cause information leakage. A local attacker may be able to escalate privileges, cause a Denial of Service or possibly execute arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79814 published 2014-12-09 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79814 title GLSA-201412-04 : libvirt: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-04. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(79814); script_version("$Revision: 1.4 $"); script_cvs_date("$Date: 2015/04/13 14:33:56 $"); script_cve_id("CVE-2013-4292", "CVE-2013-4296", "CVE-2013-4297", "CVE-2013-4399", "CVE-2013-4400", "CVE-2013-4401", "CVE-2013-5651", "CVE-2013-6436", "CVE-2013-6456", "CVE-2013-6457", "CVE-2013-6458", "CVE-2013-7336", "CVE-2014-0028", "CVE-2014-0179", "CVE-2014-1447", "CVE-2014-3633", "CVE-2014-5177", "CVE-2014-7823"); script_bugtraq_id(62070, 62510, 62576, 62791, 62972, 63324, 63325, 64723, 64945, 64963, 65004, 65743, 66304, 67289, 69033, 70186, 71095); script_xref(name:"GLSA", value:"201412-04"); script_name(english:"GLSA-201412-04 : libvirt: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-04 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service or cause information leakage. A local attacker may be able to escalate privileges, cause a Denial of Service or possibly execute arbitrary code. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-04" ); script_set_attribute( attribute:"solution", value: "All libvirt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/libvirt-1.2.9-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libvirt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/libvirt", unaffected:make_list("ge 1.2.9-r2"), vulnerable:make_list("lt 1.2.9-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2014-1042.NASL description - Rebased to version 1.1.3.3 - Fix crash in virDBusAddWatch (bz #885445) - Cleanup migration ports when migration is cancelled (bz #1018530) - Fix virt-login-shell (bz #1054479) - CVE-2013-6458 libvirt: qemu: job usage issue in several APIs leading to libvirtd crash (bz #1054206, bz #1048631) - CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters (bz #1049136, bz #1042252) - CVE-2014-0028 libvirt: event registration bypasses domain:getattr ACL (bz #1054203, bz #1048637) - CVE-2014-1447: libvirt: denial of service with keepalive (bz 1052957, bz 1054808) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-01-21 plugin id 72049 published 2014-01-21 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72049 title Fedora 20 : libvirt-1.1.3.3-1.fc20 (2014-1042) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-1042. # include("compat.inc"); if (description) { script_id(72049); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-4400"); script_xref(name:"FEDORA", value:"2014-1042"); script_name(english:"Fedora 20 : libvirt-1.1.3.3-1.fc20 (2014-1042)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Rebased to version 1.1.3.3 - Fix crash in virDBusAddWatch (bz #885445) - Cleanup migration ports when migration is cancelled (bz #1018530) - Fix virt-login-shell (bz #1054479) - CVE-2013-6458 libvirt: qemu: job usage issue in several APIs leading to libvirtd crash (bz #1054206, bz #1048631) - CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters (bz #1049136, bz #1042252) - CVE-2014-0028 libvirt: event registration bypasses domain:getattr ACL (bz #1054203, bz #1048637) - CVE-2014-1447: libvirt: denial of service with keepalive (bz 1052957, bz 1054808) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1054479" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=885445" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126930.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d025c43f" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libvirt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"libvirt-1.1.3.3-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2014-1090.NASL description - Rebased to version 1.0.5.9 - Fix crash in virDBusAddWatch (bz #885445) - Cleanup migration ports when migration is cancelled (bz #1018530) - CVE-2013-6458 libvirt: qemu: job usage issue in several APIs leading to libvirtd crash (bz #1054206, bz #1048631) - CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters (bz #1049136, bz #1042252) - CVE-2014-1447: libvirt: denial of service with keepalive (bz 1052957, bz 1054808) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-01-27 plugin id 72137 published 2014-01-27 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72137 title Fedora 19 : libvirt-1.0.5.9-1.fc19 (2014-1090) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-1090. # include("compat.inc"); if (description) { script_id(72137); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-6458"); script_bugtraq_id(64723); script_xref(name:"FEDORA", value:"2014-1090"); script_name(english:"Fedora 19 : libvirt-1.0.5.9-1.fc19 (2014-1090)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Rebased to version 1.0.5.9 - Fix crash in virDBusAddWatch (bz #885445) - Cleanup migration ports when migration is cancelled (bz #1018530) - CVE-2013-6458 libvirt: qemu: job usage issue in several APIs leading to libvirtd crash (bz #1054206, bz #1048631) - CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters (bz #1049136, bz #1042252) - CVE-2014-1447: libvirt: denial of service with keepalive (bz 1052957, bz 1054808) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1018530" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1054206" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127280.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b4f0349d" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt package." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libvirt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"libvirt-1.0.5.9-1.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0103.NASL description Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : * A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. (BZ#1055578) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 72196 published 2014-01-29 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72196 title RHEL 6 : libvirt (RHSA-2014:0103) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-151.NASL description This update fixes the following security issues with libvirt : - bnc#857492: Fix libvirtd crash when hot-plugging disks for qemu domains (CVE-2013-6458) - bnc#858817: Don last seen 2020-06-05 modified 2014-06-13 plugin id 75263 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75263 title openSUSE Security Update : libvirt (openSUSE-SU-2014:0270-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2093-1.NASL description Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. (CVE-2013-6436) Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. (CVE-2013-6457) It was discovered that libvirt contained multiple race conditions in block device handling. A remote read-only user could use this flaw to cause libvirtd to crash, resulting in a denial of service. (CVE-2013-6458) Eric Blake discovered that libvirt incorrectly handled certain ACLs. An attacker could use this flaw to possibly obtain certain sensitive information. This issue only affected Ubuntu 13.10. (CVE-2014-0028) Jiri Denemark discovered that libvirt incorrectly handled keepalives. A remote attacker could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. (CVE-2014-1447). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2014-01-31 plugin id 72232 published 2014-01-31 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72232 title Ubuntu 12.04 LTS / 12.10 / 13.10 : libvirt vulnerabilities (USN-2093-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2846.NASL description Multiple security issues have been found in Libvirt, a virtualisation abstraction library : - CVE-2013-6458 It was discovered that insecure job usage could lead to denial of service against libvirtd. - CVE-2014-1447 It was discovered that a race condition in keepalive handling could lead to denial of service against libvirtd. last seen 2020-03-17 modified 2014-01-20 plugin id 72011 published 2014-01-20 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72011 title Debian DSA-2846-1 : libvirt - several vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-154.NASL description This update fixes the following security and non security issues with libvirt : - bnc#857492: Fix libvirtd crash when hot-plugging disks for qemu domains (CVE-2013-6458) - bnc#858817: Don last seen 2020-06-05 modified 2014-06-13 plugin id 75266 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75266 title openSUSE Security Update : libvirt (openSUSE-SU-2014:0268-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0103.NASL description Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : * A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. (BZ#1055578) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 72205 published 2014-01-30 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72205 title CentOS 6 : libvirt (CESA-2014:0103) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBVIRT-140211.NASL description This update fixes the following one non-security and two security issues with libvirt : - Fixing device assignment problem with Broadcom 57810 NIC to Guest OS. (bnc#817407) - qemu job usage issue in several API leading to libvirtd crash. (CVE-2013-6458). (bnc#857492) - denial of service with keepalive (CVE-2014-1447). (bnc#858817) last seen 2020-06-05 modified 2014-03-03 plugin id 72769 published 2014-03-03 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72769 title SuSE 11.3 Security Update : libvirt (SAT Patch Number 8886) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0103.NASL description From Red Hat Security Advisory 2014:0103 : Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process (usually root). (CVE-2013-6458) A race condition was found in the way libvirtd handled keepalive initialization requests when the connection was closed prior to establishing connection credentials. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service. (CVE-2014-1447) This update also fixes the following bug : * A race condition was possible between a thread starting a virtual machine with a guest agent configured (regular start-up or while migrating) and a thread that was killing the VM process (or the process crashing). The race could cause the monitor object to be freed by the thread that killed the VM process, which was later accessed by the thread that was attempting to start the VM, resulting in a crash. This issue was fixed by checking the state of the VM after the attempted connection to the guest agent; if the VM in the meantime exited, no other operations are attempted. (BZ#1055578) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 72195 published 2014-01-29 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72195 title Oracle Linux 6 : libvirt (ELSA-2014-0103)
Redhat
advisories |
| ||||
rpms |
|
References
- http://libvirt.org/news.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
- http://rhn.redhat.com/errata/RHSA-2014-0103.html
- http://secunia.com/advisories/56186
- http://secunia.com/advisories/56446
- http://secunia.com/advisories/60895
- http://security.gentoo.org/glsa/glsa-201412-04.xml
- http://www.debian.org/security/2014/dsa-2846
- http://www.ubuntu.com/usn/USN-2093-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1043069