REDHAT-BUG-893450
First published: Wed Jan 09 2013(Updated: )
A flaw was found in the way message freeing on connection cleanup was handled under certain error conditions. A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd or, potentially, escalate their privilages to that of libvirtd process. Acknowledgements: This issue was discovered by Tingting Zheng of Red Hat.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libvirt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-893450?
The severity of REDHAT-BUG-893450 is considered high due to potential privilege escalation and denial of service risks.
How do I fix REDHAT-BUG-893450?
To fix REDHAT-BUG-893450, apply the latest security update provided by Red Hat for the libvirt package.
What are the potential impacts of REDHAT-BUG-893450?
The potential impacts of REDHAT-BUG-893450 include crashing the libvirtd service and possibly escalating privileges to that of the libvirtd process.
Who is affected by REDHAT-BUG-893450?
Users running vulnerable versions of Red Hat Libvirt that allow remote command execution by untrusted users are affected by REDHAT-BUG-893450.
Is there a workaround for REDHAT-BUG-893450?
Currently, the recommended approach is to upgrade to the patched version, as specific workarounds for REDHAT-BUG-893450 are not documented.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-0170
- agent/severity
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/libvirt