Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 24 May 2016 15:40:50 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: "Daniel P. Berrange" <berrange@...hat.com>
Subject: CVE-2014-3672 libvirt: DoS via excessive logging 

   Hello,

A while back, Mr Andrew Sorensen reported a Qemu logging issue wherein Libvirt 
OR Xen directed 'stderr' of Qemu to a log file on the host.

This can be easily exploited by a user inside guest to flood the log file with 
endless messages, resulting in a DoS situation on the host, affecting other 
services and guests alike.

'CVE-2014-3672' was assigned to it by Red Hat Inc.

Until recently there was no remedy in sight, but quoting Mr Daniel P Berrange 
of libvirt

   "Since libvirt version 1.3.3, libvirt has 'virtlogd' daemon running. The
    QEMU stdout/err are no longer connected directly to a file on disk, instead
    they go to a pipe connected to virtlogd. virtlogd only allows 128 kb of
    data to be written before rolling over the logs, and only keeps 3 backups,
    so there is no longer an uncontrolled denial of service.

    With QEMU 2.6, it is further possible to use virtlogd in association with
    QEMU serial ports that need to log to a file, for the same reason."

Upstream patch:
---------------
   -> https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf

Note: It's probably not feasible to back port this solution to older versions.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ