Showing 1 - 3 of 3

CVE-2013-0170

Status Candidate

Overview

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Related Files

Gentoo Linux Security Advisory 201309-18: Posted Sep 25, 2013; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201309-18 - Multiple vulnerabilities have been found in libvirt, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0.5.1-r3 are affected.; tags | advisory, remote, denial of service, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2013-0170, CVE-2013-1962; SHA-256 | 9257d13b61a35d266211c700641ed9bda77545c33aa5ed5116ee2974035d6fed; Download | Favorite | View

Ubuntu Security Notice USN-1708-1: Posted Jan 30, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1708-1 - Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2012-4423, CVE-2013-0170, CVE-2012-4423, CVE-2013-0170; SHA-256 | 382adae9f81677b0019c102b19cb2666bfdc504fe302ed2e7caa413ac0620235; Download | Favorite | View

Red Hat Security Advisory 2013-0199-01: Posted Jan 29, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-0199-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user.; tags | advisory, remote, arbitrary, root; systems | linux, redhat; advisories | CVE-2013-0170; SHA-256 | 9b0926897ef2c7c11cb24ab1e055d63e9d0b4aadfbd76cf8b9d00499296212ff; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2013-0170

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems