CVE-2014-1447 – libvirt: denial of service with keepalive
https://notcve.org/view.php?id=CVE-2014-1447
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. Condición de carrera en la función virNetServerClientStartKeepAlive en libvirt anteriores a 1.2.1 permite a atacantes remotos causar denegación de servicio (caída de libvirtd) mediante el cierre de conexiones antes de que una respuesta keepalive sea enviada. • https://github.com/tagatac/libvirt-CVE-2014-1447 http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html http://rhn.redhat.com/errata/RHSA-2014-0103.html http://secunia.com/advisories/56321 http://secunia.com/advisories/56446 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.debian.org/security/2014/dsa-2846 http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-6436
https://notcve.org/view.php?id=CVE-2013-6436
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. El método lxcDomainGetMemoryParameters en lxc/lxc_driver.c en libvirt 1.0.5 a 1.2.0 no comprueba correctamente el estado de invitados LXC cuando lee configuraciones de memoria, lo cual permite a usuarios locales causar denegación de servicio (referencia a puntero a NULL y caída de libvirtd) a través de un invitado en el estado de apagado, como se demuestra con el comando "virsh memtune". • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html http://osvdb.org/101485 http://secunia.com/advisories/56245 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.ubuntu.com/usn/USN-2093-1 https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4400
https://notcve.org/view.php?id=CVE-2013-4400
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. virt-login-shell en libvirt v1.1.2 hasta v1.1.3 permite a usuarios locales sobreescribir ficheros aleatorios y posiblemente obtener privilegios a través de variables de entorno no especificadas o argumentos de línea de comandos. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467 http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://wiki.libvirt.org/page/Maintenance_Releases https://bugzilla.redh • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4401
https://notcve.org/view.php?id=CVE-2013-4401
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. La función de la API virConnectDomainXMLToNative en libvirt versiones 1.1.0 hasta 1.1.3, comprueba el permiso connect:read en lugar del permiso connect:write, que permite a los atacantes conseguir privilegios domain:write y ejecutar archivos binarios de Qemu por medio de un XML diseñado. NOTA: algunos de estos detalles se obtienen a partir de información de terceros. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c http://secunia.com/advisories/55210 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://wiki.libvirt.org/page/Maintenance_Releases http://www.securitytracker.com/id/1029241 http://www.ubuntu.com/usn/USN-2026-1 https://bugzilla.redhat.com/show_bug.cgi?id=1015259 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4297
https://notcve.org/view.php?id=CVE-2013-4297
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. La función virFileNBDDeviceAssociate en util/virfile.c en libvirt v1.1.2 y anteriores permite a usuarios autenticados remotamente provocar una denegación de servicio (referencia a puntero no inicializado y caída) a través de vectores no especificados. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=2dba0323ff0cec31bdcea9dd3b2428af297401f2 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •