SB2012022703 - Gentoo update for libvirt



Published: February 27, 2012 Updated: September 25, 2016

Security Bulletin ID: SB2012022703
Severity: High
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 25%, Low 75%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-1146)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.


2) Resource management error (CVE-ID: CVE-2011-1486)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.


3) Input validation error (CVE-ID: CVE-2011-2178)

The vulnerability allows a local user to gain access to sensitive information.

The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.
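The bug class described above (a `sizeof` applied to the pointer instead of the structure it points to), shown as an added example that is not libvirt's code: all type, field and function names are constructed for illustration, and the layout assumed is a header struct immediately followed by private data in one allocation.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed types for illustration; not libvirt's definitions. */
struct manager {              /* generic header */
    const char *name;
    int header_flag;          /* stays 0 in this example */
    int refs;
    void *driver;
};

struct priv {                 /* private data stored right after the header */
    int hardening_on;
};

/* Header and private data live in one allocation: [manager][priv]. */
struct manager *manager_new(const char *name)
{
    struct manager *mgr = calloc(1, sizeof(*mgr) + sizeof(struct priv));
    struct priv p = { .hardening_on = 1 };

    if (mgr == NULL)
        return NULL;
    mgr->name = name;
    memcpy((char *)mgr + sizeof(*mgr), &p, sizeof(p));
    return mgr;
}

/* Wrong sizeof argument: sizeof(mgr) is the size of a pointer, so the
 * result points into the header instead of past it. */
void *get_private_buggy(struct manager *mgr)
{
    return (char *)mgr + sizeof(mgr);
}

/* Corrected: sizeof(*mgr) is the size of the header struct. */
void *get_private_fixed(struct manager *mgr)
{
    return (char *)mgr + sizeof(*mgr);
}

/* Read the setting through whichever accessor the caller passes in. */
int read_hardening(struct manager *mgr, void *(*get)(struct manager *))
{
    int v;
    memcpy(&v, get(mgr), sizeof(v));
    return v;
}
```

With the buggy accessor the stored setting reads back as a header field, so a protective option that was enabled appears to be off.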


4) Input validation error (CVE-ID: CVE-2011-2511)

The vulnerability allows a remote authenticated user to perform service disruption.

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.


Remediation

Install update from vendor's website.