You are here

U-243: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service

August 24, 2012 - 7:00am

Addthis

PROBLEM:

libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service

PLATFORM:

Version(s): 0.9.13 and prior

ABSTRACT:

A vulnerability was reported in libvirt.

reference LINKS:

libvirt
SecurityTracker Alert ID: 1027437
Secunia Advisory SA50118
Bugtraq ID: 54748
CVE-2012-3445

IMPACT ASSESSMENT:

Medium

Discussion

A remote user can send a specially crafted RPC call with the number of parameters set to zero to libvirtd to trigger a memory access error in virTypedParameterArrayClear() and cause the target service to crash.

Impact:

A remote user can cause denial of service conditions.

Solution:

The vendor has issued a fix.

Addthis