CVE-2013-6458 Information
Description
Multiple race conditions in the (1) virDomainBlockStats (2) virDomainGetBlockInf (3) qemuDomainBlockJobImpl and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
Reference
http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html http://rhn.redhat.com/errata/RHSA-2014-0103.html http://secunia.com/advisories/56186 http://secunia.com/advisories/56446 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.debian.org/security/2014/dsa-2846 http://www.ubuntu.com/usn/USN-2093-1 https://bugzilla.redhat.com/show_bug.cgi?id=1043069
Share on: