Detections
Analytics

MiracleLinux 4 : libvirt-0.9.10-21.5.0.1.AXS4 (AXSA:2012-975:04)

critical Nessus Plugin ID 284223

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-975:04 advisory.

 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.
 Security issues fixed with this release:
 CVE-2012-4423 The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a gap in the RPC dispatch table.
 CVE-2012-3445 The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
 Fixed bugs:
 The augeas libvirt was unable to parse the libvirt.conf file if it contained the host_uuid option; this has been fixed.
 Fixed the disk hot-plug functions.
 Fixed the rebase operation; cgroups for the backing files are now relabelled and configured so that, when a virtual machine with an image chain using block device is started, the block rebase works as expected instead of failing on the blockJobAbort() function.
 Previously, when migrating a guest between 2 machines while the tunnelled migration could cause the libvirt daemon to lock up unexpectedly; this has been fixed.
 Depending on the locale in used, libvirt could issue incorrect commands to the hypervisor. This has been fixed.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3532

Plugin Details

Severity: Critical

ID: 284223

File Name: miracle_linux_AXSA-2012-975.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2012-4423

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:libvirt-devel, p-cpe:/a:miracle:linux:libvirt, p-cpe:/a:miracle:linux:libvirt-client, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:libvirt-python

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/11/2012

Vulnerability Publication Date: 7/31/2012

Reference Information

CVE: CVE-2012-3445, CVE-2012-4423