CVE-2013-4296

Related Files

Gentoo Linux Security Advisory 201412-04

Posted Dec 8, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-4 - Multiple vulnerabilities have been found in libvirt, worst of which allows context-dependent attackers to escalate privileges. Versions less than 1.2.9-r2 are affected.

tags | advisory, vulnerability

systems | linux, gentoo

advisories | CVE-2013-4292, CVE-2013-4296, CVE-2013-4297, CVE-2013-4399, CVE-2013-4400, CVE-2013-4401, CVE-2013-5651, CVE-2013-6436, CVE-2013-6456, CVE-2013-6457, CVE-2013-6458, CVE-2013-7336, CVE-2014-0028, CVE-2014-0179, CVE-2014-1447, CVE-2014-3633, CVE-2014-5177, CVE-2014-7823

SHA-256 | 04c111d3cb8f6077f1f1c216f9e56106ab6e31444d537f25d03e8ab04ca85eb1

Download | Favorite | View

Debian Security Advisory 2764-1

Posted Sep 25, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2764-1 - Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats() function could lead to denial of service.

tags | advisory, denial of service

systems | linux, debian

advisories | CVE-2013-4296

SHA-256 | dd359ee6a114c2ea12723e65fab5b15ff7b13a65fc45369003a122ce5e0872ba

Download | Favorite | View

Red Hat Security Advisory 2013-1272-01

Posted Sep 20, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1272-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condition was found in the way libvirt used this utility, allowing a local user to bypass intended PolicyKit authorizations or execute arbitrary commands with root privileges. Note: With this update, libvirt has been rebuilt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. The polkit RHSA-2013:1270 advisory must also be installed to fix the CVE-2013-4311 issue.

tags | advisory, remote, arbitrary, local, root

systems | linux, redhat

advisories | CVE-2013-4296, CVE-2013-4311

SHA-256 | d92904347fa422567abf49e49fb5c4c1e4959e1c56937eff10d983ba67e44e91

Download | Favorite | View

Ubuntu Security Notice USN-1954-1

Posted Sep 18, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1954-1 - It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, local

systems | linux, ubuntu

advisories | CVE-2013-4311, CVE-2013-4296, CVE-2013-5651, CVE-2013-4296, CVE-2013-4311, CVE-2013-5651

SHA-256 | 59ff3bfce1b5160cbf39adc5e7dbd353a7a26360a5e79205fa96bcdf56cace17

Download | Favorite | View