Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 454588 (CVE-2013-0170) - <app-emulation/libvirt-1.0.2-r2: "virNetMessageFree()" Use-After-Free Vulnerability (CVE-2013-0170)
Summary: <app-emulation/libvirt-1.0.2-r2: "virNetMessageFree()" Use-After-Free Vulnera...
Status: RESOLVED FIXED
Alias: CVE-2013-0170
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/52003/
Whiteboard: B1 [glsa]
Keywords:
Depends on: 458688
Blocks:
  Show dependency tree
 
Reported: 2013-01-29 21:25 UTC by Agostino Sarubbo
Modified: 2013-09-25 17:19 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-01-29 21:25:17 UTC
From $URL :

Description
A vulnerability has been reported in libvirt, which can be exploited by malicious people to 
potentially compromise a vulnerable system.

The vulnerability is caused due to a use-after-free error in the "virNetMessageFree()" function 
(src/rpc/virnetserverclient.c) and can be exploited to dereference already freed memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 1.0.1. Other versions may also be affected.


Solution
Fixed in the GIT repository.
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2013-01-29 21:32:19 UTC
The advisory is a bit unfortunate. It affects a lot more versions than just 1.0.1 or 1.x. Perfect example is the fact that RHEL released updates for 0.9.6 and newer for Fedora and RHEL6.
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-26 00:03:12 UTC
New GLSA request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 23:11:51 UTC
CVE-2013-0170 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0170):
  Use-after-free vulnerability in the virNetMessageFree function in
  rpc/virnetserverclient.c libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3,
  0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to
  cause a denial of service (crash) and possibly execute arbitrary code by
  triggering certain errors during an RPC connection, which causes a message
  to be freed without being removed from the message queue.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-09-25 17:19:01 UTC
This issue was resolved and addressed in
 GLSA 201309-18 at http://security.gentoo.org/glsa/glsa-201309-18.xml
by GLSA coordinator Chris Reffett (creffett).