#VU44820 Input validation error in libvirt - CVE-2011-2511

Vulnerability identifier: #VU44820

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2011-2511

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libvirt
Universal components / Libraries / Libraries used by multiple products

Vendor: libvirt.org

Description

The vulnerability allows a remote #AU# to perform service disruption.

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libvirt: 0.0.1 - 0.9.1

---

External links
https://libvirt.org/news.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html
https://secunia.com/advisories/45375
https://secunia.com/advisories/45441
https://secunia.com/advisories/45446
https://www.debian.org/security/2011/dsa-2280
https://www.openwall.com/lists/oss-security/2011/06/28/9
https://www.redhat.com/support/errata/RHSA-2011-1019.html
https://www.redhat.com/support/errata/RHSA-2011-1197.html
https://www.securitytracker.com/id?1025822
https://www.ubuntu.com/usn/USN-1180-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/68271
https://hermes.opensuse.org/messages/10027908
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.