CVE-2009-0036
Published: 11 February 2009
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
Notes
Author | Note |
---|---|
jdstrand | code exists but is not compiled on Ubuntu |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(code not compiled)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Not vulnerable
(0.6.1-0ubuntu5.1)
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
upstream |
Released
(0.6.0)
|