Информационная безопасность
[RU] switch to English


Уязвимости безопасности в libvirt
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12862
Тип:библиотека
Уровень опасности:
5/10
Описание:Несколько DoS-условий.
Затронутые продукты:LIBVIRT : libvirt 0.10
CVE:CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.)
 CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.)
Оригинальный текстdocumentUBUNTU, [USN-1708-1] libvirt vulnerabilities (04.02.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород