Risk | Low
Patch available | YES
Number of vulnerabilities | 2
CVE-ID | CVE-2011-2178, CVE-2011-2511
CWE-ID | CWE-20
Exploitation vector | Network
Public exploit | N/A
Vulnerable software | libvirt (Universal components / Libraries / Libraries used by multiple products)
Vendor | libvirt.org
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU44819
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-2178
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local authenticated user to gain access to sensitive information.
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.
Mitigation: Install update from vendor's website.
Vulnerable software versions: libvirt: 0.8.8 - 0.9.1
https://libvirt.org/news.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
https://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html
https://www.ubuntu.com/usn/USN-1152-1
https://bugzilla.redhat.com/show_bug.cgi?id=709769
https://bugzilla.redhat.com/show_bug.cgi?id=709775
https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
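Added example (not libvirt's code and not part of the original bulletin): a simplified C model of the bug class described for CVE-2011-2178, where `sizeof` is applied to a pointer instead of the structure it points to when locating private data stored after a header. The structure layout, field names and function names are hypothetical; in this model the miscomputed offset lands on a header flag, so a private-data write re-enables a disabled setting.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical manager header; driver-private data is allocated right after it. */
struct manager {
    const char *driver_name;
    int allow_disk_format_probing;   /* 0 = probing disabled by the administrator */
    int reserved;
};

static struct manager *manager_new(size_t private_len)
{
    /* One allocation: header followed by private_len bytes of private data. */
    return calloc(1, sizeof(struct manager) + private_len);
}

/* Buggy: sizeof(mgr) is the size of a pointer, so the result points into the header. */
static void *private_data_buggy(struct manager *mgr)
{
    return (char *)mgr + sizeof(mgr);
}

/* Fixed: sizeof(*mgr) skips the whole header. */
static void *private_data_fixed(struct manager *mgr)
{
    return (char *)mgr + sizeof(*mgr);
}

/* Simulates a driver storing its state; returns the header flag afterwards. */
static int header_flag_after_driver_init(void *(*get_private)(struct manager *))
{
    struct manager *mgr = manager_new(sizeof(int));
    if (mgr == NULL)
        return -1;
    int driver_state = 1;            /* constructed private-data value */
    memcpy(get_private(mgr), &driver_state, sizeof(driver_state));
    int flag = mgr->allow_disk_format_probing;
    free(mgr);
    return flag;
}

int main(void)
{
    printf("buggy getter: probing flag = %d\n", header_flag_after_driver_init(private_data_buggy));
    printf("fixed getter: probing flag = %d\n", header_flag_after_driver_init(private_data_fixed));
    return 0;
}
```

A review check for this pattern is to flag any `sizeof(p)` where `p` is a pointer used to compute an offset or length for the pointed-to object.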
EUVDB-ID: #VU44820
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-2511
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: libvirt: 0.0.1 - 0.9.1
https://libvirt.org/news.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html
https://secunia.com/advisories/45375
https://secunia.com/advisories/45441
https://secunia.com/advisories/45446
https://www.debian.org/security/2011/dsa-2280
https://www.openwall.com/lists/oss-security/2011/06/28/9
https://www.redhat.com/support/errata/RHSA-2011-1019.html
https://www.redhat.com/support/errata/RHSA-2011-1197.html
https://www.securitytracker.com/id?1025822
https://www.ubuntu.com/usn/USN-1180-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/68271
https://hermes.opensuse.org/messages/10027908
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.