Page 5 of 37 results (0.043 seconds)

CVSS: 5.0EPSS: 3%CPEs: 9EXPL: 0

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. La función virDomainListPopulate en conf/domain_conf.c en libvirt anterior a 1.2.9 no limpia el bloqueo en la lista de dominios, lo que permite a atacantes remotos causar una denegación de servicio (bloqueo mutuo) a través de un valor nulo en el parámetro second en el comando de API virConnectListAllDomains. A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669 http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html http://rhn.redhat.com/errata/RHSA-2014-1352.html http://secunia.com/advisories/60291 http://secunia.com/advisories/62303 http://security.libvirt.org/2014/0005.html http://www.ubuntu.com/usn/USN-2404-1 https://access.redhat.com/security/cve/CVE-2014-3657 https&# • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •

CVSS: 5.8EPSS: 3%CPEs: 12EXPL: 0

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read. La función qemuDomainGetBlockIoTune en qemu/qemu_driver.c en libvirt anterior a 1.2.9, cuando un disco ha sido conectado en caliente o eliminado de la imagen en vivo, permite a atacantes remotos causar una denegación de servicio (caída) o leer información sensible de la memoria dinámica a través de una consulta blkiotune manipulada, lo que provoca una lectura fuera de rango. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html http://rhn.redhat.com/errata/RHSA-2014-1352.html http://secunia.com/advisories/60291 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://security.libvirt.org/2014/0004.html http://www.debian.org/security/2014/dsa-3038 h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 6.4EPSS: 0%CPEs: 27EXPL: 0

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors. libvirt 1.0.0 hasta 1.2.x anterior a 1.2.5, cuando el control de acceso detallado está habilitado, permite a usuarios locales leer ficheros arbitrarios a través de un documento XML manipulado que contiene una declaración de entidad externa XML en conjunto con una referencia de entidad en el método API (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU o (19) virConnectBaselineCPU, relacionado con un problema de entidad externa XML (XXE). NOTA: este problema ha sido dividido (SPLIT) del CVE-2014-0179 por ADT3 debido a las diferentes versiones afectadas de algunos vectores. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system. • http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html http://rhn.redhat.com/errata/RHSA-2014-0560.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://security.libvirt.org/2014/0003.html http://www.ubuntu.com/usn/USN-2366-1 https://access.redhat.com/security/cve/CVE-2014-5177 https://bugzilla.redhat.com/show_bug.cg • CWE-20: Improper Input Validation CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.4EPSS: 0%CPEs: 75EXPL: 0

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. libvirt 0.7.5 hasta 1.2.x anterior a 1.2.5 permite a usuarios locales causar una denegación de servicio (bloqueo de lectura y cuelgue) a través de un documento XML manipulado que contiene una declaración de entidad externa XML en conjunto con una referencia de entidad en el método (1) virConnectCompareCPU o (2) virConnectBaselineCPU API, relacionado con un problema de entidad externa XML (XXE). NOTA: este problema fue dividido (SPLIT) por ADT3 debido a las diferentes versiones afectadas de algunos vectores. CVE-2014-5177 se utiliza para otros métodos API. • http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html http://rhn.redhat.com/errata/RHSA-2014-0560.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://security.libvirt.org/2014/0003.html http://www.debian.org/security/2014/dsa-3038 http://www.ubuntu.com/usn/USN-2366-1 https://access.redhat.com/security/cve/CVE-20 • CWE-20: Improper Input Validation CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 1.9EPSS: 0%CPEs: 17EXPL: 0

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. La función qemuMigrationWaitForSpice en qemu/qemu_migration.c en libvirt anterior a 1.1.3 no entra debidamente en un monitor cuando realiza migración SPICE ininterrumpida, lo que permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída de libvirtd) al provocar que domblkstat sea llamado en el mismo momento que la función qemuMonitorGetSpiceMigrationStatus. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=484cc321 http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.openwall.com/lists/oss-security/2014/03/18/1 http://www.openwall.com/lists/oss-security/2014/03/18/3 https://bugzilla.redhat.com/show_bug.cgi?id=1077620 •