Multiple vulnerabilities in libvirt



Updated: 2021-04-01
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2013-2230, CVE-2013-4154, CVE-2013-2218
CWE-ID: CWE-20, CWE-399
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software: libvirt (Universal components / Libraries / Libraries used by multiple products)
Vendor: libvirt.org

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU42516

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-2230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."

Mitigation

Install update from vendor's website.

Vulnerable software versions

libvirt: 0.0.1 - 1.0.6

External links

https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=f38c8185f97720ecae7ef2291fbaa5d6b0209e17
https://libvirt.org/news.html
https://www.openwall.com/lists/oss-security/2013/07/10/5
https://bugzilla.redhat.com/show_bug.cgi?id=981476


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU42518

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-4154

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libvirt: 1.0.0 - 1.0.6

External links

https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=96518d4316b711c72205117f8d5c967d5127bbb6
https://libvirt.org/news.html
https://openwall.com/lists/oss-security/2013/07/19/12
https://bugzilla.redhat.com/show_bug.cgi?id=984821
https://bugzilla.redhat.com/show_bug.cgi?id=986386


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU42523

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2013-2218

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
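
The bug class described above, as an added illustration that is not libvirt's code: a listing loop releases a handle on the filter-skip path, and a shared cleanup releases the same pointer again unless it was cleared. The types, flag names and the counting iface_release are hypothetical, and placing the second release in a shared cleanup is an assumption about the general pattern, not something taken from the fix commit.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical stand-in for a backend interface handle (not a libvirt/netcf type). */
struct iface { const char *name; int active; int releases; };
#define LIST_ACTIVE   (1u << 0)
#define LIST_INACTIVE (1u << 1)
/* Instrumented release: counts calls instead of calling free(), so a second
 * release of one object is observable as releases == 2, not heap corruption. */
static void iface_release(struct iface *i) { if (i) i->releases++; }
static int matches(const struct iface *i, unsigned flags) {
    unsigned want = flags & (LIST_ACTIVE | LIST_INACTIVE);
    return !want || (want & (i->active ? LIST_ACTIVE : LIST_INACTIVE));
}

/* The skip path releases the handle; the shared cleanup releases whatever `cur`
 * still points at. reset_ptr == 0 is the flawed pattern, 1 the hardened one. */
static int list_all(struct iface *pool, size_t n, unsigned flags,
                    const char **out, int reset_ptr) {
    struct iface *cur = NULL;
    int count = 0;
    for (size_t k = 0; k < n; k++) {
        cur = &pool[k];
        if (!matches(cur, flags)) {
            iface_release(cur);
            if (reset_ptr) cur = NULL;   /* hardened: cleanup sees NULL */
            continue;
        }
        out[count++] = cur->name;
        iface_release(cur);
        cur = NULL;
    }
    iface_release(cur);                  /* shared cleanup */
    return count;
}

/* Run over a constructed pool and report the highest release count seen. */
int max_releases(unsigned flags, int reset_ptr) {
    struct iface pool[] = { {"eth0", 1, 0}, {"br0", 0, 0}, {"eth1", 1, 0} };
    const char *out[3];
    int max = 0;
    list_all(pool, 3, flags, out, reset_ptr);
    for (size_t k = 0; k < 3; k++)
        if (pool[k].releases > max) max = pool[k].releases;
    return max;
}
int main(void) {
    printf("flawed=%d ", max_releases(LIST_INACTIVE, 0));
    printf("hardened=%d\n", max_releases(LIST_INACTIVE, 1));
    return 0;
}
```

In this model the double release only appears when the last element visited is the one the filter skips, which is why a listing without a filter flag never hits it.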

Mitigation

Install update from vendor's website.

Vulnerable software versions

libvirt: 1.0.6

External links

https://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11
https://libvirt.org/news.html
https://www.openwall.com/lists/oss-security/2013/07/01/6
https://bugzilla.redhat.com/show_bug.cgi?id=980112


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


