CVE-2011-2511
Priority
Medium
Description
Integer overflow in libvirt before 0.9.3 allows remote authenticated users
to cause a denial of service (libvirtd crash) and possibly execute
arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers
memory corruption.
to cause a denial of service (libvirtd crash) and possibly execute
arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers
memory corruption.
References
Notes
jdstrand> DoS is confirmed by a remote authenticated user
jdstrand> 89d994ad6b0e8ebe9a2cd4e0e37119ff4c917550 (gnulib) may not actually
be required to fix in stable releases.
jdstrand> fixed in 0.8.3-5+squeeze2
jdstrand> 89d994ad6b0e8ebe9a2cd4e0e37119ff4c917550 (gnulib) may not actually
be required to fix in stable releases.
jdstrand> fixed in 0.8.3-5+squeeze2
Assigned-to
jdstrand
Package
| Upstream: | released (0.9.3, 0.9.2-7) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (0.7.5-5ubuntu27.16) |
| Ubuntu 11.04 (Natty Narwhal): | released (0.8.8-1ubuntu6.5) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (0.9.2-4ubuntu6) |
Patches:
| Upstream: | https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html |
| Upstream: | 774b21c163845170c9ffa873f5720d318812eaf6 |
| Upstream: | 89d994ad6b0e8ebe9a2cd4e0e37119ff4c917550 |
| Vendor: | https://rhn.redhat.com/errata/RHSA-2011-1019.html |