oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 19 Jul 2013 10:53:09 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/19/2013 10:14 AM, Petr Matousek wrote:

If users haven't configured guest agent then qemuAgentCommand()
will dereference a NULL 'mon' pointer.

A remote user able to issue commands to libvirt daemon could use
this flaw to crash libvirtd.

References: https://bugzilla.redhat.com/show_bug.cgi?id=986386 
https://bugzilla.redhat.com/show_bug.cgi?id=984821 
https://www.redhat.com/archives/libvir-list/2013-July/msg00992.html

 Upstream fix: 
http://libvirt.org/git/?p=libvirt.git;a=commit;h=96518d4316b711c72205117f8d5c967d5127bbb6

 Thanks,



Please use CVE-2013-4154 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR6W71AAoJEBYNRVNeJnmTmosP/3x1PKMoC1Y0P6WhThKGKIjB
/z6+rOKAitr8nTxjILopvwM0+Wbs2Tl2uxb/J+IbFu745QTfNrzxvBnreDvXmCUT
2A8ABs85zaALZqsw1vj3FNtCvQf1hzTEo0/DzufCj0owr+q9/ibRxAPPNgZiKyrY
xaQWJZ3e0D9T8Y+dm+gHDVg4pEC1sSPGbQA1zFUXPSUM/NC1ABGALz7d+uEh/nt7
0WzqBtH86rHm3okuFlDeAnByZaNzcFspazr5yLb6SmZyDnJCadwojfEPG18Q1Zbh
41d5JWJFOrojyqX2+lSiop8ayUJKubx8QV823VZZqWNIK+bR0bPRoi9ZjycRVQT4
ruhgfQDzEjD8GNfIm93SJudzT0GfLclRDVGJo6yY5L2wtpi/9Ei9fBYg9jdprqgX
VTCt7IKb5TYIp8QsX5Okc0BSSne//2I1crYmEXfnYt03CAerJeApxlvOrqGNcVGK
NYLcoyQsTjfeK9YhXtesfW45wPkzv8QLLcGvc1nDy2sgbuevmS5ZdRCp6qQFWhIy
G0gAz2mMWVNmNOthn7Yh0GpT6IPTBCCh2XJAScXzS7bLoH5PeeKBXKO9wh5VOcsp
jPZ8b3e3YLhAMaUy7A4IHqt1HR1Nh0js2WiR6yjZAN/d21GZ06i/aSWY/pxt19H4
rn4Ep2QOUJZUmzm2ucDO
=4XqL
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: