oss-sec mailing list archives
CVE request -- libvirt: crash of libvirtd without guest agent configuration
From: Petr Matousek <pmatouse () redhat com>
Date: Fri, 19 Jul 2013 18:14:52 +0200
If users haven't configured guest agent then qemuAgentCommand() will dereference a NULL 'mon' pointer. A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd. References: https://bugzilla.redhat.com/show_bug.cgi?id=986386 https://bugzilla.redhat.com/show_bug.cgi?id=984821 https://www.redhat.com/archives/libvir-list/2013-July/msg00992.html Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=96518d4316b711c72205117f8d5c967d5127bbb6 Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE request -- libvirt: crash of libvirtd without guest agent configuration Petr Matousek (Jul 19)
- Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration Kurt Seifried (Jul 19)