oss-sec mailing list archives
Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 19 Jul 2013 10:53:09 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/19/2013 10:14 AM, Petr Matousek wrote:
If users haven't configured guest agent then qemuAgentCommand() will dereference a NULL 'mon' pointer. A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd. References: https://bugzilla.redhat.com/show_bug.cgi?id=986386 https://bugzilla.redhat.com/show_bug.cgi?id=984821 https://www.redhat.com/archives/libvir-list/2013-July/msg00992.html Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=96518d4316b711c72205117f8d5c967d5127bbb6 Thanks,
Please use CVE-2013-4154 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJR6W71AAoJEBYNRVNeJnmTmosP/3x1PKMoC1Y0P6WhThKGKIjB /z6+rOKAitr8nTxjILopvwM0+Wbs2Tl2uxb/J+IbFu745QTfNrzxvBnreDvXmCUT 2A8ABs85zaALZqsw1vj3FNtCvQf1hzTEo0/DzufCj0owr+q9/ibRxAPPNgZiKyrY xaQWJZ3e0D9T8Y+dm+gHDVg4pEC1sSPGbQA1zFUXPSUM/NC1ABGALz7d+uEh/nt7 0WzqBtH86rHm3okuFlDeAnByZaNzcFspazr5yLb6SmZyDnJCadwojfEPG18Q1Zbh 41d5JWJFOrojyqX2+lSiop8ayUJKubx8QV823VZZqWNIK+bR0bPRoi9ZjycRVQT4 ruhgfQDzEjD8GNfIm93SJudzT0GfLclRDVGJo6yY5L2wtpi/9Ei9fBYg9jdprqgX VTCt7IKb5TYIp8QsX5Okc0BSSne//2I1crYmEXfnYt03CAerJeApxlvOrqGNcVGK NYLcoyQsTjfeK9YhXtesfW45wPkzv8QLLcGvc1nDy2sgbuevmS5ZdRCp6qQFWhIy G0gAz2mMWVNmNOthn7Yh0GpT6IPTBCCh2XJAScXzS7bLoH5PeeKBXKO9wh5VOcsp jPZ8b3e3YLhAMaUy7A4IHqt1HR1Nh0js2WiR6yjZAN/d21GZ06i/aSWY/pxt19H4 rn4Ep2QOUJZUmzm2ucDO =4XqL -----END PGP SIGNATURE-----
Current thread:
- CVE request -- libvirt: crash of libvirtd without guest agent configuration Petr Matousek (Jul 19)
- Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration Kurt Seifried (Jul 19)