CVE-2012-4423

Related Files

Ubuntu Security Notice USN-1708-1

Posted Jan 30, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1708-1 - Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2012-4423, CVE-2013-0170, CVE-2012-4423, CVE-2013-0170

SHA-256 | 382adae9f81677b0019c102b19cb2666bfdc504fe302ed2e7caa413ac0620235

Download | Favorite | View

Red Hat Security Advisory 2012-1359-01

Posted Oct 11, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1359-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd by sending an RPC message that has an event as the RPC number, or an RPC number that falls into a gap in the RPC dispatch table.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2012-4423

SHA-256 | 5efe258402eda25fe4885eec11901e6cf074efc4a2e19154697e29e6c1845f26

Download | Favorite | View