CVE-2011-1486

Current Description

libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.

Basic Data

Published: May 31, 2011
Last Modified: August 12, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: ADJACENT_NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 3.3
Severity: LOW
Exploitability Score: 6.5
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
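    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | Libvirt | 0.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.1.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.3.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.3.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.3.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.4.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.4.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.4.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.4.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.4.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.4.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.5.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.6.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.6.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.6.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.6.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.6.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.7.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.7.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.7.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.7.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.7.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.7.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.7.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.7.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.8.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.8.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.8.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.8.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.8.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.8.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.8.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | 0.8.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Libvirt | * | * | * | * | * | * | * | * | | 0.8.8 | |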

Vulnerable Software List

Vendor | Product | Versions
Redhat | Libvirt | *, 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.1.0, 0.1.1, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7

References

Name | Source | URL | Tags
http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670 | CONFIRM | http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670 | Patch
44459 | SECUNIA | http://secunia.com/advisories/44459 | Vendor Advisory
1025477 | SECTRACK | http://securitytracker.com/id?1025477 |
http://support.avaya.com/css/P8/documents/100134583 | CONFIRM | http://support.avaya.com/css/P8/documents/100134583 |
DSA-2280 | DEBIAN | http://www.debian.org/security/2011/dsa-2280 |
RHSA-2011:0478 | REDHAT | http://www.redhat.com/support/errata/RHSA-2011-0478.html |
RHSA-2011:0479 | REDHAT | http://www.redhat.com/support/errata/RHSA-2011-0479.html |
47148 | BID | http://www.securityfocus.com/bid/47148 |
USN-1152-1 | UBUNTU | http://www.ubuntu.com/usn/USN-1152-1 |
https://bugzilla.redhat.com/show_bug.cgi?id=693391 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=693391 | Patch
[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe | MLIST | https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html | Patch