Lucene search

RedhatCVE-2013-1962

HistoryMay 29, 2013 - 12:55 a.m.

CVE-2013-1962

2013-05-2900:55:01

CWE-399

redhat

web.nvd.nist.gov

cve-2013-1962

libvirt

storage pool manager

denial of service

file descriptor consumption

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.104

Percentile

95.0%

JSON

The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests “to list all volumes for the particular pool.”

Affected configurations

Nvd

Node

redhatlibvirtMatch1.0.5

VendorProductVersionCPE
redhatlibvirt1.0.5cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	libvirt	1.0.5	cpe:2.3:a:redhat:libvirt:1.0.5:::::::*

References

libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739

lists.fedoraproject.org/pipermail/package-announce/2013-May/106906.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106921.html

lists.opensuse.org/opensuse-updates/2013-06/msg00022.html

osvdb.org/93451

rhn.redhat.com/errata/RHSA-2013-0831.html

secunia.com/advisories/53440

secunia.com/advisories/53475

www.openwall.com/lists/oss-security/2013/05/16/9

www.securityfocus.com/bid/59937

www.securitytracker.com/id/1028577

www.ubuntu.com/usn/USN-1895-1

bugzilla.redhat.com/show_bug.cgi?id=953107

exchange.xforce.ibmcloud.com/vulnerabilities/84341

www.redhat.com/archives/libvir-list/2013-May/msg01222.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.104

Percentile

95.0%

JSON

Related for CVE-2013-1962