libvirt "remoteDispatchStoragePoolListAllVolumes()" Denial

by Carol~ Moderator - 5/17/13 8:52 AM

In Reply to: VULNERABILITIES / FIXES - May 17, 2013 by Carol~ Moderator

libvirt "remoteDispatchStoragePoolListAllVolumes()" Denial of Service Vulnerability

Release Date: 2013-05-17

Criticality level: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Workaround

Software: libvirt 1.x

Description:
A vulnerability has been reported in libvirt, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused by the "remoteDispatchStoragePoolListAllVolumes()" function (daemon/remote.c) leaking file descriptors. This can be exploited to cause resource exhaustion and render the daemon unusable.

The vulnerability is reported in version 1.0.5. Other versions may also be affected.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
The vendor credits Edoardo Comar, IBM.

Original Advisory:
https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html
https://bugzilla.redhat.com/show_bug.cgi?id=953107

http://secunia.com/advisories/53440/
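
A defender-side check for the descriptor leak described above, as an added example that is not part of the original advisory or of libvirt's code: it samples a daemon's open file descriptor count from Linux /proc and flags steady growth or proximity to the soft limit. The function names, the thresholds and the sample limits text are assumptions constructed for illustration.

```python
import os
import re

# Constructed sample of /proc/<pid>/limits content (not captured from a real host).
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
"""

def soft_nofile_limit(limits_text):
    """Return the soft 'Max open files' limit, or None if unlimited or absent."""
    m = re.search(r"^Max open files\s+(\S+)\s+(\S+)", limits_text, re.M)
    if not m or m.group(1) == "unlimited":
        return None
    return int(m.group(1))

def count_open_fds(pid):
    """Count descriptors open in a process (Linux /proc; needs same user or root)."""
    return len(os.listdir(f"/proc/{pid}/fd"))

def assess(samples, soft_limit, warn_ratio=0.8, min_growth=50):
    """Classify fd counts sampled at fixed intervals (thresholds are assumptions).

    'critical': latest count is at or above warn_ratio of the soft limit.
    'leak-suspected': counts never drop and grew by at least min_growth.
    'ok': anything else.
    """
    if not samples:
        raise ValueError("no samples")
    latest = samples[-1]
    if soft_limit is not None and latest >= warn_ratio * soft_limit:
        return "critical"
    never_drops = all(b >= a for a, b in zip(samples, samples[1:]))
    if len(samples) >= 3 and never_drops and latest - samples[0] >= min_growth:
        return "leak-suspected"
    return "ok"

def check_daemon(pid, history):
    """Append a live sample for pid to history and return the assessment."""
    with open(f"/proc/{pid}/limits") as fh:
        limit = soft_nofile_limit(fh.read())
    history.append(count_open_fds(pid))
    return assess(history, limit)
```

Call `check_daemon()` on a schedule with the daemon's PID and a list kept between runs; a healthy daemon's count rises and falls with client activity, while a leak shows as a count that only climbs.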