PublicDateAtUSN: 2012-11-19
Candidate: CVE-2012-4423
PublicDate: 2012-11-19 12:10:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4423
 http://www.openwall.com/lists/oss-security/2012/09/13/11
 https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
 https://ubuntu.com/security/notices/USN-1708-1
Description:
 The virNetServerProgramDispatchCall function in libvirt before 0.10.2
 allows remote attackers to cause a denial of service (NULL pointer
 dereference and segmentation fault) via an RPC call with (1) an event as
 the RPC number or (2) an RPC number whose value is in a "gap" in the RPC
 dispatch table.
Ubuntu-Description:
Notes:
 mdeslaur> introduced in 0.9.3
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687598
 https://bugzilla.redhat.com/show_bug.cgi?id=857133
Priority: low
Discovered-by: Wenlong Huang
Assigned-to:
CVSS:

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7ff9e696063189a715802d081d55a398663c15a
upstream_libvirt: needed
hardy_libvirt: ignored (reached end-of-life)
lucid_libvirt: not-affected (0.7.5-5ubuntu27.23)
natty_libvirt: ignored (reached end-of-life)
oneiric_libvirt: not-affected (0.9.2-4ubuntu15.3)
precise_libvirt: released (0.9.8-2ubuntu17.7)
quantal_libvirt: released (0.9.13-0ubuntu10)
devel_libvirt: released (0.9.13-0ubuntu10)
