It has been found that several libvirt API calls (virNodeDeviceDettach,
virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did not
honour read-only connections. A remote attacker could use this flaw to crash the
host server (DoS).
Patch (applied upstream): see $URL
0.8.8-r1 in tree.
(In reply to comment #1)
> 0.8.8-r1 in tree.
Arches, please test and mark stable:
Target keywords : "amd64 x86"
amd64 done. Thanks Agostino
GLSA Vote: yes.
GLSA request filed.
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict
operations in a read-only connection, which allows remote attackers to cause
a denial of service (host OS crash) or possibly execute arbitrary code via a
(1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3)
virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5)
virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different
vulnerability than CVE-2008-5086.
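The class of bug described above, shown as a small regression audit. This is an added example, not libvirt code and not part of the original report: `CONN_RO`, `struct conn`, the `mutate_*` helpers and both tables are hypothetical stand-ins, and only the entry-point names come from the report.

```c
#include <stddef.h>
#include <stdio.h>

#define CONN_RO 0x1u                /* hypothetical flag: connection opened read-only */
enum { OK = 0, ERR_DENIED = -1 };

struct conn { unsigned flags; int writes; };    /* writes: host-state changes made */

/* Flawed shape: a state-changing entry point that never looks at CONN_RO. */
static int mutate_unchecked(struct conn *c) { c->writes++; return OK; }

/* Fixed shape: refuse before any state is touched. */
static int mutate_checked(struct conn *c) {
    if (c->flags & CONN_RO) return ERR_DENIED;
    c->writes++;
    return OK;
}

struct entry { const char *name; int (*fn)(struct conn *); };

/* Constructed tables modelling the four calls named in the first comment. */
#define TABLE(fn) { { "virNodeDeviceDettach", fn }, { "virNodeDeviceReset", fn }, \
                    { "virDomainRevertToSnapshot", fn }, { "virDomainSnapshotDelete", fn } }
static const struct entry before_fix[] = TABLE(mutate_unchecked);
static const struct entry after_fix[]  = TABLE(mutate_checked);

/* Count entry points that let a read-only connection change state, or that
 * wrongly refuse a read-write one. 0 means the table passes. */
int audit(const struct entry *tab, size_t n) {
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        struct conn ro = { CONN_RO, 0 }, rw = { 0, 0 };
        int ro_rc = tab[i].fn(&ro), rw_rc = tab[i].fn(&rw);
        if (ro_rc != ERR_DENIED || ro.writes != 0 || rw_rc != OK || rw.writes != 1) {
            printf("FAIL %s\n", tab[i].name);
            bad++;
        }
    }
    return bad;
}

int audit_before(void) { return audit(before_fix, sizeof before_fix / sizeof *before_fix); }
int audit_after(void)  { return audit(after_fix,  sizeof after_fix  / sizeof *after_fix); }

int main(void) {
    printf("before: %d failing, after: %d failing\n", audit_before(), audit_after());
    return 0;
}
```

Checking the read-write case as well keeps an entry point that denies everything from passing the audit.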
Affected versions are no longer in tree.
This issue was resolved and addressed in
GLSA 201202-07 at http://security.gentoo.org/glsa/glsa-201202-07.xml
by GLSA coordinator Stefan Behte (craig).