Date: Thu, 13 Sep 2012 11:11:08 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- libvirt: null function pointer
 invocation in virNetServerProgramDispatchCall()

On 09/13/2012 10:51 AM, Petr Matousek wrote:
> It has been found that sending an RPC message with an event as the
> RPC number, or an RPC number that falls into a gap in the RPC dispatch
> table, can lead to libvirtd accessing memory at page zero. A remote
> attacker could use this flaw to crash libvirtd (DoS).
> 
> Proposed upstream fix: 
> https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
>
> References:
> https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
> https://bugzilla.redhat.com/show_bug.cgi?id=857133
>
> Thanks,

Please use CVE-2012-4423 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

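
The failure mode in the quoted report, modelled as an added example that is neither libvirt's code nor the proposed upstream fix: a dispatch table indexed by RPC number whose event slots and numbering gaps hold NULL, so a bounds check alone does not protect the call. All names, procedure numbers and error codes below are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical handler type, procedure numbers and error codes. */
typedef int (*rpc_handler)(const char *payload);
enum { PROC_OPEN = 1, PROC_CLOSE = 2, PROC_EVENT_LIFECYCLE = 3, PROC_LIST = 6 };
enum { RPC_OK = 0, RPC_ERR_UNKNOWN_PROC = -1 };

static int do_open(const char *p)  { (void)p; return RPC_OK; }
static int do_close(const char *p) { (void)p; return RPC_OK; }
static int do_list(const char *p)  { (void)p; return RPC_OK; }

/* Indexed by procedure number. Slots 0, 4 and 5 are gaps (zero-filled);
 * slot 3 is a server-to-client event, so it has no call handler. */
static const rpc_handler procs[] = {
    [PROC_OPEN]            = do_open,
    [PROC_CLOSE]           = do_close,
    [PROC_EVENT_LIFECYCLE] = NULL,
    [PROC_LIST]            = do_list,
};
static const size_t nprocs = sizeof(procs) / sizeof(procs[0]);

/* Flawed pattern: the bounds check lets gap and event numbers through,
 * and the call then goes through a NULL function pointer. */
int dispatch_bounds_only(unsigned int proc, const char *payload)
{
    if (proc >= nprocs)
        return RPC_ERR_UNKNOWN_PROC;
    return procs[proc](payload);
}

/* Hardened: a slot without a handler is rejected as an unknown procedure. */
int dispatch_checked(unsigned int proc, const char *payload)
{
    if (proc >= nprocs || procs[proc] == NULL)
        return RPC_ERR_UNKNOWN_PROC;
    return procs[proc](payload);
}

int main(void)
{
    unsigned int wire[] = { 1, 3, 4, 6, 99 };  /* constructed RPC numbers */
    for (size_t i = 0; i < sizeof(wire) / sizeof(wire[0]); i++)
        printf("proc %u -> %d\n", wire[i], dispatch_checked(wire[i], ""));
    return 0;
}
```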
