Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 429322 (CVE-2012-3445) - <app-emulation/libvirt-0.9.13-r1: RPC Typed Parameters Handling Denial of Service Vulnerability (CVE-2012-3445)
Summary: <app-emulation/libvirt-0.9.13-r1: RPC Typed Parameters Handling Denial of Ser...
Status: RESOLVED FIXED
Alias: CVE-2012-3445
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/50118/
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-01 09:53 UTC by Agostino Sarubbo
Modified: 2012-09-19 10:36 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-08-01 09:53:41 UTC 
From secunia at $URL:

Description
A vulnerability has been reported in libvirt, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "virTypedParameterArrayClear()" function when dispatching APIs with typed parameters and can be exploited via a specially crafted RPC packet.


Solution
Fixed in the GIT repository.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-08-08 11:29:19 UTC 
CVE-2012-3445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3445):
  The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly
  handle virDomain* API calls with typed parameters, which might allow remote
  authenticated users to cause a denial of service (libvirtd crash) via an RPC
  command with nparams set to zero, which triggers an out-of-bounds read or a
  free of an invalid pointer.
Comment 2 Doug Goldstein (RETIRED) gentoo-dev 2012-08-13 03:17:50 UTC 
I've removed libvirt-0.9.13 and added libvirt-0.9.13-r1, which fixes the CVE.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2012-08-14 05:52:46 UTC 
Thanks, Doug. Are we ok to stabilize libvirt-0.9.13-r1?
Comment 4 Doug Goldstein (RETIRED) gentoo-dev 2012-08-14 14:26:00 UTC 
(In reply to comment #3)
> Thanks, Doug. Are we ok to stabilize libvirt-0.9.13-r1?

Yep.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-08-14 14:31:39 UTC 
(In reply to comment #4)
> (In reply to comment #3)
> > Thanks, Doug. Are we ok to stabilize libvirt-0.9.13-r1?
> 
> Yep.

Great, thanks.

Arches, please test and mark stable:
=app-emulation/libvirt-0.9.13-r1
Target keywords : "amd64 x86"
Comment 6 Agostino Sarubbo gentoo-dev 2012-08-14 21:27:50 UTC 
amd64 stable
Comment 7 Andreas Schürch gentoo-dev 2012-08-22 13:12:37 UTC 
x86 stable, last arch!
Comment 8 Agostino Sarubbo gentoo-dev 2012-08-22 13:29:43 UTC 
Security please vote.
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2012-08-24 14:19:16 UTC 
Thanks, folks. GLSA Vote: no.
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-19 10:36:33 UTC 
GLSA vote: no.

Closing no glsa.