Vulnerabilities > CVE-2013-7336
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-328.NASL description libvirt was updated to fix various bugs and security issues : CVE-2013-7336: libvirt: unprivileged user can crash libvirtd during spice migration CVE-2013-6456: unsafe usage of paths under /proc/$PID/root Bugfixes for libvirt client killed on reboot shutdown. (bnc#852005) Also notify systemd when we are ready to accept connections. last seen 2020-06-05 modified 2014-06-13 plugin id 75338 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75338 title openSUSE Security Update : libvirt (openSUSE-SU-2014:0593-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-328. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75338); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-6456", "CVE-2013-7336"); script_name(english:"openSUSE Security Update : libvirt (openSUSE-SU-2014:0593-1)"); script_summary(english:"Check for the openSUSE-2014-328 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "libvirt was updated to fix various bugs and security issues : CVE-2013-7336: libvirt: unprivileged user can crash libvirtd during spice migration CVE-2013-6456: unsafe usage of paths under /proc/$PID/root Bugfixes for libvirt client killed on reboot shutdown. (bnc#852005) Also notify systemd when we are ready to accept connections." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852005" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=857490" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=868943" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=871154" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=873103" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-client-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-client-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-config-network-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-config-nwfilter-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-interface-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-interface-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-lxc-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-lxc-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-network-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-network-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-nodedev-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-nwfilter-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-qemu-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-qemu-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-secret-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-secret-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-storage-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-storage-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-uml-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-uml-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-vbox-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-driver-vbox-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-lxc-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-qemu-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-uml-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-daemon-vbox-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-debugsource-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-devel-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-lock-sanlock-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-lock-sanlock-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-login-shell-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-login-shell-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-python-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libvirt-python-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libvirt-client-32bit-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libvirt-daemon-driver-xen-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libvirt-daemon-driver-xen-debuginfo-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libvirt-daemon-xen-1.1.2-2.26.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libvirt-devel-32bit-1.1.2-2.26.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-04.NASL description The remote host is affected by the vulnerability described in GLSA-201412-04 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service or cause information leakage. A local attacker may be able to escalate privileges, cause a Denial of Service or possibly execute arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79814 published 2014-12-09 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79814 title GLSA-201412-04 : libvirt: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-04. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(79814); script_version("$Revision: 1.4 $"); script_cvs_date("$Date: 2015/04/13 14:33:56 $"); script_cve_id("CVE-2013-4292", "CVE-2013-4296", "CVE-2013-4297", "CVE-2013-4399", "CVE-2013-4400", "CVE-2013-4401", "CVE-2013-5651", "CVE-2013-6436", "CVE-2013-6456", "CVE-2013-6457", "CVE-2013-6458", "CVE-2013-7336", "CVE-2014-0028", "CVE-2014-0179", "CVE-2014-1447", "CVE-2014-3633", "CVE-2014-5177", "CVE-2014-7823"); script_bugtraq_id(62070, 62510, 62576, 62791, 62972, 63324, 63325, 64723, 64945, 64963, 65004, 65743, 66304, 67289, 69033, 70186, 71095); script_xref(name:"GLSA", value:"201412-04"); script_name(english:"GLSA-201412-04 : libvirt: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-04 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service or cause information leakage. A local attacker may be able to escalate privileges, cause a Denial of Service or possibly execute arbitrary code. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-04" ); script_set_attribute( attribute:"solution", value: "All libvirt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/libvirt-1.2.9-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libvirt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/libvirt", unaffected:make_list("ge 1.2.9-r2"), vulnerable:make_list("lt 1.2.9-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2209-1.NASL description It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. (CVE-2013-6456) Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. (CVE-2013-7336). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 73940 published 2014-05-09 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73940 title Ubuntu 13.10 : libvirt vulnerabilities (USN-2209-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2209-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(73940); script_version("1.4"); script_cvs_date("Date: 2019/09/19 12:54:30"); script_cve_id("CVE-2013-6456", "CVE-2013-7336"); script_bugtraq_id(65743, 66304); script_xref(name:"USN", value:"2209-1"); script_name(english:"Ubuntu 13.10 : libvirt vulnerabilities (USN-2209-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. (CVE-2013-6456) Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. (CVE-2013-7336). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2209-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt-bin and / or libvirt0 packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(13\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 13.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"13.10", pkgname:"libvirt-bin", pkgver:"1.1.1-0ubuntu8.11")) flag++; if (ubuntu_check(osver:"13.10", pkgname:"libvirt0", pkgver:"1.1.1-0ubuntu8.11")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt-bin / libvirt0"); }
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 66304 CVE ID: CVE-2013-7336 Libvirt库是一种实现Linux虚拟化功能的Linux API,它支持各种Hypervisor,包括Xen和KVM,以及QEMU和用于其他操作系统的一些虚拟产品。 libvirt在实现上存在拒绝服务漏洞,攻击者可利用此漏洞造成受影响库崩溃。 0 libvirt 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://libvirt.org/index.html |
| id | SSV:61886 |
| last seen | 2017-11-19 |
| modified | 2014-03-21 |
| published | 2014-03-21 |
| reporter | Root |
| title | libvirt拒绝服务漏洞(CVE-2013-7336) |
References
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=484cc321
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=484cc321
- http://libvirt.org/news.html
- http://libvirt.org/news.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html
- http://secunia.com/advisories/60895
- http://secunia.com/advisories/60895
- http://security.gentoo.org/glsa/glsa-201412-04.xml
- http://security.gentoo.org/glsa/glsa-201412-04.xml
- http://www.openwall.com/lists/oss-security/2014/03/18/1
- http://www.openwall.com/lists/oss-security/2014/03/18/1
- http://www.openwall.com/lists/oss-security/2014/03/18/3
- http://www.openwall.com/lists/oss-security/2014/03/18/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1077620
- https://bugzilla.redhat.com/show_bug.cgi?id=1077620