libvirt "remoteDispatchStoragePoolListAllVolumes()" Denial
libvirt "remoteDispatchStoragePoolListAllVolumes()" Denial of Service Vulnerability
Release Date : 2013-05-17
Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status: Vendor Workaround
Software: libvirt 1.x
A vulnerability has been reported in libvirt, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to the "remoteDispatchStoragePoolListAllVolumes()" function (daemon/remote.c) leaking file descriptors. This can be exploited to cause resource exhaustion and render the daemon unusable.
The vulnerability is reported in version 1.0.5. Other versions may also be affected.
Fixed in the GIT repository.
Provided and/or discovered by:
The vendor credits Edoardo Comar, IBM.