CVE-2013-0170

Severity

93%

Complexity

86%

Confidentiality

165%

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 12 years ago

2013-02-08 20:55:00

Last updated 5 years ago

2019-04-22 17:48:00

Affected Software

OpenSUSE 12.1

12.1

OpenSUSE 12.2

12.2

Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)

12.04

Canonical Ubuntu Linux 12.10

12.10

SUSE Linux Enterprise Software Development Kit 11.0 Service Pack 2

11.0

Novell SUSE Linux Enterprise Desktop 11

11

Novell SUSE Linux Enterprise Server 11

11

Fedora 17

17

Fedora 18

18

Red Hat Enterprise Linux 6.0

6.0

Red Hat libvirt 0.9.6

0.9.6

Red Hat libvirt 0.9.6.1

0.9.6.1

Red Hat libvirt 0.9.6.2

0.9.6.2

Red Hat libvirt 0.9.6.3

0.9.6.3

Red Hat libvirt 0.10.2

0.10.2

Red Hat libvirt 0.10.2.1

0.10.2.1

Red Hat libvirt 0.10.2.2

0.10.2.2

Red Hat libvirt 1.0.0

1.0.0

Red Hat libvirt 1.0.1

1.0.1

References

http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720

http://libvirt.org/news.html

FEDORA-2013-1644

Vendor Advisory

FEDORA-2013-1642

Vendor Advisory

FEDORA-2013-1626

Vendor Advisory

openSUSE-SU-2013:0274

Vendor Advisory

openSUSE-SU-2013:0275

Vendor Advisory

SUSE-SU-2013:0320

Vendor Advisory

89644

RHSA-2013:0199

Vendor Advisory

52001

Vendor Advisory

52003

Vendor Advisory

http://wiki.libvirt.org/page/Maintenance_Releases

57578

1028047

USN-1708-1

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=893450

Patch

libvirt-virnetmessagefree-code-exec(81552)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.