libvirt.so is vulnerable to denial of service (DoS). The virDomainListPopulate function in conf/domain_conf.c does not clean up the lock on the list of domains. A remote attacker can cause a deadlock by passing a NULL list parameter to virConnectListAllDomains, which leads to an early jump to the cleanup label and consequently prevents all further APIs from accessing the list.
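
The lock-leak pattern described above, reduced to a self-contained C model. This is an added example, not libvirt's code: struct dom_list, list_trylock, list_unlock and the list_all_* functions are hypothetical, and a try-lock stands in for a blocking lock so the stuck lock is reported instead of hanging the demo.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the shared domain list and its lock. */
struct dom_list { atomic_flag lock; int ids[3]; size_t count; };

/* Try-lock: 1 = acquired, 0 = already held (a blocking lock would hang). */
static int list_trylock(struct dom_list *l) { return !atomic_flag_test_and_set(&l->lock); }
static void list_unlock(struct dom_list *l) { atomic_flag_clear(&l->lock); }

/* Vulnerable shape: the unlock is on the normal path only, so a count-only
 * call (out == NULL) jumps past it and returns with the lock still held. */
static int list_all_vulnerable(struct dom_list *l, int *out)
{
    int ret = -1;
    if (!list_trylock(l))
        return -1;
    ret = (int)l->count;
    if (out == NULL)
        goto cleanup;               /* early exit skips list_unlock() */
    for (size_t i = 0; i < l->count; i++)
        out[i] = l->ids[i];
    list_unlock(l);
 cleanup:
    return ret;
}

/* Fixed shape: the unlock lives under the cleanup label, so every exit
 * taken after the lock was acquired releases it. */
static int list_all_fixed(struct dom_list *l, int *out)
{
    int ret = -1;
    if (!list_trylock(l))
        return -1;
    ret = (int)l->count;
    if (out == NULL)
        goto cleanup;
    for (size_t i = 0; i < l->count; i++)
        out[i] = l->ids[i];
 cleanup:
    list_unlock(l);
    return ret;
}

/* Returns 1 if the lock is free again after one count-only call via fn. */
static int lock_free_after_count(int (*fn)(struct dom_list *, int *))
{
    struct dom_list l = { ATOMIC_FLAG_INIT, {1, 2, 3}, 3 };  /* constructed sample */
    return fn(&l, NULL) == 3 && list_trylock(&l);
}
```
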
libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fc22b2e74890873848b43fffae43025d22053669
lists.opensuse.org/opensuse-updates/2014-10/msg00014.html
lists.opensuse.org/opensuse-updates/2014-10/msg00017.html
rhn.redhat.com/errata/RHSA-2014-1352.html
secunia.com/advisories/60291
secunia.com/advisories/62303
security.libvirt.org/2014/0005.html
www.ubuntu.com/usn/USN-2404-1
access.redhat.com/errata/RHSA-2014:1352
access.redhat.com/errata/RHSA-2014:1873
access.redhat.com/security/cve/CVE-2014-3657
bugzilla.redhat.com/show_bug.cgi?id=1145667
github.com/libvirt/libvirt/commit/fc22b2e74890873848b43fffae43025d22053669