CVE-2013-6458

Sažetak

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.

Reference

http://libvirt.org/news.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
http://rhn.redhat.com/errata/RHSA-2014-0103.html
http://secunia.com/advisories/56186
http://secunia.com/advisories/56446
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://www.debian.org/security/2014/dsa-2846
http://www.ubuntu.com/usn/USN-2093-1
https://bugzilla.redhat.com/show_bug.cgi?id=1043069

CVSS

Base:	6.8
Impact:	10.0
Exploitability:	3.2

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:A/AC:H/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-01-2015 - 02:19

Objavljeno

24-01-2014 - 18:55