The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0
http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html
http://rhn.redhat.com/errata/RHSA-2013-1272.html
http://rhn.redhat.com/errata/RHSA-2013-1460.html
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://wiki.libvirt.org/page/Maintenance_Releases
http://www.debian.org/security/2013/dsa-2764
OR
cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
79814 | GLSA-201412-04 : libvirt: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
78977 | RHEL 6 : rhev-hypervisor6 (RHSA-2013:1460) | Nessus | Red Hat Local Security Checks | high |
75169 | openSUSE Security Update : libvirt (openSUSE-SU-2013:1549-1) | Nessus | SuSE Local Security Checks | medium |
75168 | openSUSE Security Update : libvirt (openSUSE-SU-2013:1550-1) | Nessus | SuSE Local Security Checks | medium |
70797 | SuSE 11.3 Security Update : libvirt (SAT Patch Number 8421) | Nessus | SuSE Local Security Checks | medium |
70796 | SuSE 11.2 Security Update : libvirt (SAT Patch Number 8348) | Nessus | SuSE Local Security Checks | medium |
70408 | Fedora 20 : libvirt-1.1.3-2.fc20 (2013-18455) | Nessus | Fedora Local Security Checks | medium |
70279 | Fedora 19 : libvirt-1.0.5.6-2.fc19 (2013-17618) | Nessus | Fedora Local Security Checks | medium |
70235 | Fedora 18 : libvirt-0.10.2.8-1.fc18 (2013-17305) | Nessus | Fedora Local Security Checks | medium |
70128 | Debian DSA-2764-1 : libvirt - programming error | Nessus | Debian Local Security Checks | medium |
70015 | Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20130919) | Nessus | Scientific Linux Local Security Checks | medium |
70011 | RHEL 6 : libvirt (RHSA-2013:1272) | Nessus | Red Hat Local Security Checks | medium |
70007 | Oracle Linux 6 : libvirt (ELSA-2013-1272) | Nessus | Oracle Linux Local Security Checks | medium |
69999 | CentOS 6 : libvirt (CESA-2013:1272) | Nessus | CentOS Local Security Checks | medium |
69972 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : libvirt vulnerabilities (USN-1954-1) | Nessus | Ubuntu Local Security Checks | medium |