CVE-2011-2511 – libvirt: integer overflow in VirDomainGetVcpus
https://notcve.org/view.php?id=CVE-2011-2511
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. Desbordamiento de entero en libvirt anterior a v0.9.3 permite a usuarios autenticados remotamente provocar una denegación de servicio (caída libvirtd) y posiblemente ejecutar código arbitrario a través de una llamada manipulada VirDomainGetVcpus RPC que provoca corrupción de memoria. • http://libvirt.org/news.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html http://secunia.com/advisories/45375 http://secunia.com/advisories/45441 http://secunia.com/advisories/45446 http://www.debian.org/security/2011/dsa-2280 http://www.openwall.com/lists/oss-security/2011/06/28/9 http://www.redhat.com/support/errata/RHSA-2011-1019.html http://www.redhat.com& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2011-2178
https://notcve.org/view.php?id=CVE-2011-2178
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression. La función virSecurityManagerGetPrivateData de security/security_manager.c en libvirt 0.8.8 hasta la 0.9.1 utiliza un argumento erróneo para una llamada "sizeof", lo que provoca un procesado incorrecto de "datos privados de gestión de la seguridad" que reabre un análisis de disco y pueden permitir a usuarios invitados del SO leer archivos arbitarrios en del OS anfitrión. NOTA: esta vulnerabilidad existe debido a una regresión de la CVE-2010-2238. • http://libvirt.org/news.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html http://www.ubuntu.com/usn/USN-1152-1 https://bugzilla.redhat.com/show_bug.cgi?id=709769 https://bugzilla.redhat.com/show_bug.cgi?id=709775 https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html •
CVE-2011-1486 – libvirt: error reporting in libvirtd is not thread safe
https://notcve.org/view.php?id=CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time. libvirtd de libvirt en versiones anteriores a la 0.9.0 no utiliza el reporte de errores "thread-safe", lo que permite a atacantes remotos provocar una denegación de servicio (caída) provocando que múltiples hilos reporten errores al mismo tiempo. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670 http://secunia.com/advisories/44459 http://securitytracker.com/id?1025477 http://support.avaya.com/css/P8/documents/100134583 http://www.debian.org/security/2011/dsa-2280 http://www.redhat.com/support/errata/RHSA-2011-0478.html http://www.redhat.com/support/errata/RHSA-2011-0479.html http://www.securityfocus.com/bid/47148 http://www.ubuntu.com/usn/USN-1152-1 https://bugzilla.redhat. • CWE-399: Resource Management Errors •
CVE-2011-1146 – libvirt: several API calls do not honour read-only connection
https://notcve.org/view.php?id=CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. libvirt.c en la API de Red Hat libvirt v0.8.8 no restringe correctamente las operaciones en una conexión de solo lectura, lo que podría permitir a atacantes remotos provocar una denegación de servicio (caida del sistema operativo) o posiblemente ejecutar código de su elección a través de una llamada (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, o (6) virConnectDomainXMLToNative, una vulnerabilidad diferente de CVE-2008-5086. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html http://openwall.com/lists/oss-security/2011/03/09/3 http://openwall.com/lists/oss-security/2011/03/10/5 http://secunia.com/advisories/43670 http://secunia.com/advisories/43780 http://secunia& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-2237
https://notcve.org/view.php?id=CVE-2010-2237
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. Red Hat libvirt, posiblemente v0.6.1 hasta v0.8.2, busca almacenes de respaldo de discos sin hacer referencia al formato del disco definido por el usuario principal, lo que podría permitir a usuarios invitados al SO leer ficheros de su elección en el SO anfitrión, y posiblemente tenga otro impacto sin especificar, a través de vectores desconocidos. • http://libvirt.org/news.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://ubuntu.com/usn/usn-1008-1 http://ubuntu.com/usn/usn-1008-2 http://ubuntu.com/usn/usn-1008-3 http://www.vupen.com/english/advisories/2010/2763 https://bugzilla.redhat.com/show_bug.cgi?id=607810 • CWE-264: Permissions, Privileges, and Access Controls •