ID CVE-2013-0170
Summary Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11:-:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11:-:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11:rc2:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11:rc2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2:-:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2:-:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:1.0.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:1.0.1:rc2:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 22-10-2020 - 15:40)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 893450
title CVE-2013-0170 libvirt: use-after-free in virNetMessageFree()
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment libvirt is earlier than 0:0.9.10-21.el6_3.8
          oval oval:com.redhat.rhsa:tst:20130199001
        • comment libvirt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581002
      • AND
        • comment libvirt-client is earlier than 0:0.9.10-21.el6_3.8
          oval oval:com.redhat.rhsa:tst:20130199003
        • comment libvirt-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581004
      • AND
        • comment libvirt-devel is earlier than 0:0.9.10-21.el6_3.8
          oval oval:com.redhat.rhsa:tst:20130199005
        • comment libvirt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581006
      • AND
        • comment libvirt-lock-sanlock is earlier than 0:0.9.10-21.el6_3.8
          oval oval:com.redhat.rhsa:tst:20130199007
        • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581008
      • AND
        • comment libvirt-python is earlier than 0:0.9.10-21.el6_3.8
          oval oval:com.redhat.rhsa:tst:20130199009
        • comment libvirt-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581010
rhsa
id RHSA-2013:0199
released 2013-01-28
severity Important
title RHSA-2013:0199: libvirt security update (Important)
rpms
  • libvirt-0:0.9.10-21.el6_3.8
  • libvirt-client-0:0.9.10-21.el6_3.8
  • libvirt-debuginfo-0:0.9.10-21.el6_3.8
  • libvirt-devel-0:0.9.10-21.el6_3.8
  • libvirt-lock-sanlock-0:0.9.10-21.el6_3.8
  • libvirt-python-0:0.9.10-21.el6_3.8
refmap via4
bid 57578
confirm
fedora
  • FEDORA-2013-1626
  • FEDORA-2013-1642
  • FEDORA-2013-1644
osvdb 89644
sectrack 1028047
secunia
  • 52001
  • 52003
suse
  • SUSE-SU-2013:0320
  • openSUSE-SU-2013:0274
  • openSUSE-SU-2013:0275
ubuntu USN-1708-1
xf libvirt-virnetmessagefree-code-exec(81552)
Last major update 22-10-2020 - 15:40
Published 08-02-2013 - 20:55
Last modified 22-10-2020 - 15:40
Back to Top