The libxlu library function xlu_vif_parse_rate does not properly
handle inputs which consist solely of the '@' character, leading to a
NULL pointer dereference.
A toolstack which allows untrusted users to specify an arbitrary
configuration for the VIF rate can be subjected to a denial of service (DoS).
The only known user of this library is the xl toolstack which does not
have a central long running daemon and therefore the impact is limited
to crashing the process which is creating the domain, which exists
only to service a single domain.
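As an added illustration, not libxlu's code, here is a constructed parser for a VIF rate string in the assumed form RATE[@INTERVAL] (e.g. "10Mb/s@20ms"), showing the defensive handling the report calls for: the string is split with strchr() so both halves stay addressable, and an empty half, as produced by the input "@", is rejected rather than handed to code that would dereference a NULL token. The unit handling (K/M/G, ms) and the 50ms default interval are assumptions for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Decimal prefix; rejects an empty string, so an empty half of "@" stops here. */
static int read_number(const char *s, char **end, unsigned long long *v)
{
    if (!isdigit((unsigned char)*s)) return -1;   /* "" or non-numeric */
    errno = 0;
    *v = strtoull(s, end, 10);
    return errno ? -1 : 0;
}

/* "<n>[KMG]b/s" -> bits per second (units assumed for this example). */
static int parse_rate(const char *s, unsigned long long *out)
{
    char *end;
    if (read_number(s, &end, out) != 0) return -1;
    if (*end == 'G') { *out *= 1000000000ULL; end++; }
    else if (*end == 'M') { *out *= 1000000ULL; end++; }
    else if (*end == 'K') { *out *= 1000ULL; end++; }
    return strcmp(end, "b/s") == 0 ? 0 : -1;
}

/* "<n>ms" -> microseconds; an empty or unit-less string is an error. */
static int parse_interval(const char *s, unsigned long *out)
{
    char *end; unsigned long long v;
    if (read_number(s, &end, &v) != 0 || strcmp(end, "ms") != 0) return -1;
    *out = (unsigned long)v * 1000UL;
    return 0;
}

/* Split on the first '@' with strchr() so both halves remain valid pointers.
 * A tokenizer such as strtok() returns NULL for the input "@"; using that
 * result unchecked is the kind of NULL dereference described above.
 * Returns 0 on success, -1 on malformed input (including "", "@", "x@"). */
int vif_rate_parse(const char *input, unsigned long long *bps, unsigned long *usecs)
{
    char buf[64], *at;
    if (input == NULL || strlen(input) >= sizeof buf) return -1;
    strcpy(buf, input);
    *usecs = 50000UL;                  /* constructed default: 50ms */
    if ((at = strchr(buf, '@')) != NULL) {
        *at++ = '\0';                  /* at now points at the (possibly empty) interval */
        if (parse_interval(at, usecs) != 0) return -1;
    }
    return parse_rate(buf, bps);       /* buf may be "" for "@..."; rejected */
}
```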
Red Hat would like to thank the Xen project for reporting this issue.
This issue does not affect the versions of the xen package as shipped with Red Hat Enterprise Linux 5 as it does not provide support for the libxl toolstack.
This issue does not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1017843]