Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 10 Oct 2013 12:22:45 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 68 (CVE-2013-4369) - possible null
 dereference when parsing vif ratelimiting info

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2013-4369 / XSA-68
                               version 2

     possible null dereference when parsing vif ratelimiting info

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

The libxlu library function xlu_vif_parse_rate does not properly
handle inputs which consist solely of the '@' character, leading to a
NULL pointer dereference.

IMPACT
======

A toolstack which allows untrusted users to specify an arbitrary
configuration for the VIF rate can be subjected to a DOS.

The only known user of this library is the xl toolstack which does not
have a central long running daemon and therefore the impact is limited
to crashing the process which is creating the domain, which exists
only to service a single domain.

VULNERABLE SYSTEMS
==================

The vulnerable code is present from Xen 4.2 onwards.

MITIGATION
==========

Disallowing untrusted users from specifying arbitrary VIF rate limits
will avoid this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and Matthew Daley.

RESOLUTION
==========

Applying the attached patch resolves this issue in all branches

xsa68.patch        xen-unstable, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa68*.patch
64716cb49696298e0bbd9556fe9d6f559a4e2785081e28d50607317b6e27ba32  xsa68.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSVpv6AAoJEIP+FMlX6CvZh5AH/3eMQvmLfgXNbr/vBFKwwJFc
FXd/5N76S17ZI5jTPLoXc1GiXOI9MhPNazKo6e/RLYkVrxgK4Cq8jowBJBgg8Q4R
egOlTinu87uT3ik6DP1ZQVQXEC2Wot0lJwjkN5B/72Tx/ldnS7i/Wi7P5QW7kzcJ
3FWSoCP/degKK/pBbPbt6keUjsUgkIXR3S0Vx/5+NXWeGMfjBFMqV6O1TQ1COkjw
GrvYzXBPAnhmw0fUSYdh87Ed2MH0nZqBGuP/b4wlXqoYWBZN/1xs8M+txnfGLyRm
+vvoM5shs+IiC0cVUcOPF+o7xZRiF6ZNdEMZdMV0NPHNeVEKtdXd6zlc/7VWuvM=
=9/V5
-----END PGP SIGNATURE-----

Download attachment "xsa68.patch" of type "application/octet-stream" (1923 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.