CVE-2014-3657 - The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up t

CVE-2014-3657

Summary

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.

References

Vulnerable Configurations

cpe:2.3:a:libvirt:libvirt:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 13-02-2023 - 00:41)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1145667
title	CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment libvirt is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352001
comment libvirt is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131581002

AND

comment libvirt-client is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352003
comment libvirt-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131581004

AND

comment libvirt-daemon is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352005
comment libvirt-daemon is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914006

AND

comment libvirt-daemon-config-network is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352007
comment libvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914008

AND

comment libvirt-daemon-config-nwfilter is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352009
comment libvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914010

AND

comment libvirt-daemon-driver-interface is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352011
comment libvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914012

AND

comment libvirt-daemon-driver-lxc is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352013
comment libvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914014

AND

comment libvirt-daemon-driver-network is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352015
comment libvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914016

AND

comment libvirt-daemon-driver-nodedev is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352017
comment libvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914018

AND

comment libvirt-daemon-driver-nwfilter is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352019
comment libvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914020

AND

comment libvirt-daemon-driver-qemu is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352021
comment libvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914022

AND

comment libvirt-daemon-driver-secret is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352023
comment libvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914024

AND

comment libvirt-daemon-driver-storage is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352025
comment libvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914026

AND

comment libvirt-daemon-kvm is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352027
comment libvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914028

AND

comment libvirt-daemon-lxc is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352029
comment libvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914030

AND

comment libvirt-devel is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352031
comment libvirt-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131581006

AND

comment libvirt-docs is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352033
comment libvirt-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914034

AND

comment libvirt-lock-sanlock is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352035
comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131581008

AND

comment libvirt-login-shell is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352037
comment libvirt-login-shell is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140914038

AND

comment libvirt-python is earlier than 0:1.1.1-29.el7_0.3
oval oval:com.redhat.rhsa:tst:20141352039
comment libvirt-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131581010

rhsa

id	RHSA-2014:1352
released	2014-10-01
severity	Moderate
title	RHSA-2014:1352: libvirt security and bug fix update (Moderate)

rpms

libvirt-0:1.1.1-29.el7_0.3
libvirt-client-0:1.1.1-29.el7_0.3
libvirt-daemon-0:1.1.1-29.el7_0.3
libvirt-daemon-config-network-0:1.1.1-29.el7_0.3
libvirt-daemon-config-nwfilter-0:1.1.1-29.el7_0.3
libvirt-daemon-driver-interface-0:1.1.1-29.el7_0.3
libvirt-daemon-driver-lxc-0:1.1.1-29.el7_0.3
libvirt-daemon-driver-network-0:1.1.1-29.el7_0.3
libvirt-daemon-driver-nodedev-0:1.1.1-29.el7_0.3
libvirt-daemon-driver-nwfilter-0:1.1.1-29.el7_0.3
libvirt-daemon-driver-qemu-0:1.1.1-29.el7_0.3
libvirt-daemon-driver-secret-0:1.1.1-29.el7_0.3
libvirt-daemon-driver-storage-0:1.1.1-29.el7_0.3
libvirt-daemon-kvm-0:1.1.1-29.el7_0.3
libvirt-daemon-lxc-0:1.1.1-29.el7_0.3
libvirt-debuginfo-0:1.1.1-29.el7_0.3
libvirt-devel-0:1.1.1-29.el7_0.3
libvirt-docs-0:1.1.1-29.el7_0.3
libvirt-lock-sanlock-0:1.1.1-29.el7_0.3
libvirt-login-shell-0:1.1.1-29.el7_0.3
libvirt-python-0:1.1.1-29.el7_0.3
libvirt-0:0.10.2-46.el6_6.2
libvirt-client-0:0.10.2-46.el6_6.2
libvirt-debuginfo-0:0.10.2-46.el6_6.2
libvirt-devel-0:0.10.2-46.el6_6.2
libvirt-lock-sanlock-0:0.10.2-46.el6_6.2
libvirt-python-0:0.10.2-46.el6_6.2

refmap via4

confirm	http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fc22b2e74890873848b43fffae43025d22053669 http://security.libvirt.org/2014/0005.html
secunia	60291 62303
suse	openSUSE-SU-2014:1290 openSUSE-SU-2014:1293
ubuntu	USN-2404-1

Last major update

13-02-2023 - 00:41

Published

06-10-2014 - 14:55

Last modified

13-02-2023 - 00:41