CVE-2013-4399
Published: 12 December 2014
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and allows remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.
Notes
Author | Note |
---|---|
jdstrand | per upstream, introduced in 1.1.0 |
mdeslaur | in fix-crash-in-libvirtd-when-events patch in saucy+ |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt (Launchpad, Ubuntu, Debian) | lucid | Not vulnerable |
libvirt | precise | Not vulnerable |
libvirt | quantal | Not vulnerable |
libvirt | raring | Not vulnerable (1.0.2-0ubuntu11.13.04.4) |
libvirt | saucy | Not vulnerable (1.1.1-0ubuntu8) |
libvirt | upstream | Released (1.1.3,1.1.1-0ubuntu7) |

Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=8294aa0c1750dcb49d6345cd9bd97bf421580d8b