CVE-2013-6458 – qemu: job usage issue in several APIs leading to libvirtd crash
https://notcve.org/view.php?id=CVE-2013-6458
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. Múltiples condiciones de carrera en las funciones (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl y (4) virDomainGetBlockIoTune en libvirt anteriores a 1.2.1 no verifica correctamente que el disco esté conectado, lo cual permite a atacantes remotos con permisos de sólo lectura causar denegación de servicio (caída de libvirtd) a través del comando virDomainDetachDeviceFlags. • http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html http://rhn.redhat.com/errata/RHSA-2014-0103.html http://secunia.com/advisories/56186 http://secunia.com/advisories/56446 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.debian.org/security/2014/dsa-2846 http://www.ubuntu.com/usn/USN-2093-1 https://bugzilla • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2014-1447 – libvirt: denial of service with keepalive
https://notcve.org/view.php?id=CVE-2014-1447
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. Condición de carrera en la función virNetServerClientStartKeepAlive en libvirt anteriores a 1.2.1 permite a atacantes remotos causar denegación de servicio (caída de libvirtd) mediante el cierre de conexiones antes de que una respuesta keepalive sea enviada. • https://github.com/tagatac/libvirt-CVE-2014-1447 http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html http://rhn.redhat.com/errata/RHSA-2014-0103.html http://secunia.com/advisories/56321 http://secunia.com/advisories/56446 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.debian.org/security/2014/dsa-2846 http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-6436
https://notcve.org/view.php?id=CVE-2013-6436
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. El método lxcDomainGetMemoryParameters en lxc/lxc_driver.c en libvirt 1.0.5 a 1.2.0 no comprueba correctamente el estado de invitados LXC cuando lee configuraciones de memoria, lo cual permite a usuarios locales causar denegación de servicio (referencia a puntero a NULL y caída de libvirtd) a través de un invitado en el estado de apagado, como se demuestra con el comando "virsh memtune". • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html http://osvdb.org/101485 http://secunia.com/advisories/56245 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.ubuntu.com/usn/USN-2093-1 https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html • CWE-264: Permissions, Privileges, and Access Controls •