Bug 953107 (CVE-2013-1962) - CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool
Summary: CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets l...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-1962
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 947044 952780 957585 961593 963789
Blocks: 953122
TreeView+ depends on / blocked
 
Reported: 2013-04-17 11:43 UTC by Jan Lieskovsky
Modified: 2019-09-29 13:03 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-05-16 20:56:20 UTC


Attachments (Terms of Use)
Proposed patch from Jan Tomko to correct the deficiency (991 bytes, patch)
2013-04-17 11:57 UTC, Jan Lieskovsky
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0831 normal SHIPPED_LIVE Moderate: libvirt security and bug fix update 2013-05-16 18:33:32 UTC

Description Jan Lieskovsky 2013-04-17 11:43:18 UTC
A denial of service flaw was found in the way storage pool manager of libvirt, a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes), performed management of socket file descriptors when 'to list all volumes for the particular pool' request was issued (two socket file descriptors were leaked per "list all pool volumes" request). An uprivileged user could use this flaw to cause denial of service (make libvirtd daemon to exhaust / reach the maximum count of open file descriptors, the libvirtd daemon process was allowed to open, possibly preventing other users from use of libvirtd services till the libvirtd daemon was restarted).

Acknowledgements:

Red Hat would like to thank Edoardo Comar of IBM for reporting this issue.

Comment 3 Jan Lieskovsky 2013-04-17 11:57:51 UTC
Created attachment 736816 [details]
Proposed patch from Jan Tomko to correct the deficiency

Comment 4 Jan Lieskovsky 2013-04-17 12:09:07 UTC
This issue did NOT affect the version of the libvirt package, as shipped with Red Hat Enterprise Linux 5.

--

This issue affects the version of the libvirt package, as shipped with Red Hat Enterprise Linux 6.

--

This issue did NOT affect the version of the libvirt package, as shipped with Fedora release of 17 (as it did NOT support the StoragePoolListAllVolumes API yet).

This issue affects the version of the libvirt package, as shipped with Fedora release of 18.

Comment 5 Jan Lieskovsky 2013-04-17 12:22:49 UTC
The CVE identifier of CVE-2013-1962 has been assigned to this issue.

Comment 9 Petr Matousek 2013-05-16 14:15:54 UTC
Upstream patch:

https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html

Comment 10 errata-xmlrpc 2013-05-16 14:34:25 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0831 https://rhn.redhat.com/errata/RHSA-2013-0831.html

Comment 11 Petr Matousek 2013-05-16 14:35:46 UTC
Created libvirt tracking bugs for this issue

Affects: fedora-all [bug 963789]


Note You need to log in before you can comment on or make changes to this bug.