First published: Tue Sep 10 2013(Updated: )
The 'stats' variable in remoteDispatchDomainMemoryStats function was not initialized to NULL, so if some early validation of the RPC call fails, it is possible to jump to the 'cleanup' label and VIR_FREE an uninitialized pointer. A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd. Acknowledgements: This issue was discovered by Daniel P. Berrange of Red Hat.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.1 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.2 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.3 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.4 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.5 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.6 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.7 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.8 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.9 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.10 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.11 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.12 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.9.13 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.0 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.1 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.2 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.2.1 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.2.2 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.2.3 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.2.4 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.2.5 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.2.6 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =0.10.2.7 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =1.0.5.1 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =1.0.5.2 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =1.0.5.3 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =1.0.5.4 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =1.0.5.5 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =1.1.0 | |
Red Hat Libvirt-daemon-driver-storage-iscsi-direct | =1.1.1 | |
Ubuntu | =10.04 | |
Ubuntu | =12.04 | |
Ubuntu | =12.10 | |
Ubuntu | =13.04 | |
Red Hat Enterprise Linux | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-4296 is considered to have moderate severity due to the potential for remote exploitation if certain conditions are met.
To fix CVE-2013-4296, users should upgrade to libvirt versions 0.9.14 or later, which addresses the uninitialized pointer issue.
CVE-2013-4296 affects libvirt versions 0.9.1 through 0.9.13 and all versions prior to 0.9.14.
A remote user with the ability to issue commands to the libvirt daemon can exploit CVE-2013-4296.
CVE-2013-4296 is a memory management issue, specifically related to the use of an uninitialized pointer in the libvirt daemon.