Linux Security
Linux Security
Linux Security

ArchLinux: 201409-5: libvirt: out-of-bounds read access

Date 29 Sep 2014
690
Posted By LinuxSecurity Advisories
The package libvirt before version 1.2.8-2 is vulnerable to an out-of-bounds read access in qemuDomainGetBlockIoTune()..
Arch Linux Security Advisory ASA-201409-5
=========================================

Severity: Medium
Date    : 2014-09-29
CVE-ID  : CVE-3633
Package : libvirt
Type    : out-of-bounds read access
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package libvirt before version 1.2.8-2 is
vulnerable to an out-of-bounds read access in qemuDomainGetBlockIoTune()..

Resolution
==========

Upgrade to 1.2.8-2.

# pacman -Syu "libvirt>=1.2.8-2"

The problem has been fixed upstream [0] but no release is available yet.

Workaround
==========

The out-of-bounds access is only possible on domains that have had disks
hot-plugged or removed from the live image without also updating the
persistent definition to match; keeping the two definitions matched or
using only transient domains will avoid the problem. Denying access to
the readonly libvirt socket will avoid the potential for a denial of
service attack, but will not prevent the out-of-bounds access from
causing a crash for a privileged client, although such a crash is no
longer a security problem.

Description
===========

Luyao Huang of Red Hat found that the qemu implementation of
virDomainGetBlockIoTune computed an index into the array of disks
for the live definition, then used it as the index into the array of
disks for the persistent definition, which could result into an
out-of-bounds read access in qemuDomainGetBlockIoTune().

Impact
======

A remote attacker able to establish a read-only connection to
libvirtd could use this flaw to crash libvirtd or, potentially,
leak memory from the libvirtd process.

References
==========

[0]
https://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633
https://security.libvirt.org/2014/0004.html
https://bugs.archlinux.org/task/42159

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"66","type":"x","order":"1","pct":75.86,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"14","type":"x","order":"2","pct":16.09,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.05,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.