Bug 953107 - (CVE-2013-1962) CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool
CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets l...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130516,repor...
: Security
Depends On: 947044 952780 957585 961593 963789
Blocks: 953122
  Show dependency treegraph
 
Reported: 2013-04-17 07:43 EDT by Jan Lieskovsky
Modified: 2013-05-16 16:56 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-05-16 16:56:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch from Jan Tomko to correct the deficiency (991 bytes, patch)
2013-04-17 07:57 EDT, Jan Lieskovsky
no flags Details | Diff

  None (edit)
Description Jan Lieskovsky 2013-04-17 07:43:18 EDT
A denial of service flaw was found in the way storage pool manager of libvirt, a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes), performed management of socket file descriptors when 'to list all volumes for the particular pool' request was issued (two socket file descriptors were leaked per "list all pool volumes" request). An uprivileged user could use this flaw to cause denial of service (make libvirtd daemon to exhaust / reach the maximum count of open file descriptors, the libvirtd daemon process was allowed to open, possibly preventing other users from use of libvirtd services till the libvirtd daemon was restarted).

Acknowledgements:

Red Hat would like to thank Edoardo Comar of IBM for reporting this issue.
Comment 3 Jan Lieskovsky 2013-04-17 07:57:51 EDT
Created attachment 736816 [details]
Proposed patch from Jan Tomko to correct the deficiency
Comment 4 Jan Lieskovsky 2013-04-17 08:09:07 EDT
This issue did NOT affect the version of the libvirt package, as shipped with Red Hat Enterprise Linux 5.

--

This issue affects the version of the libvirt package, as shipped with Red Hat Enterprise Linux 6.

--

This issue did NOT affect the version of the libvirt package, as shipped with Fedora release of 17 (as it did NOT support the StoragePoolListAllVolumes API yet).

This issue affects the version of the libvirt package, as shipped with Fedora release of 18.
Comment 5 Jan Lieskovsky 2013-04-17 08:22:49 EDT
The CVE identifier of CVE-2013-1962 has been assigned to this issue.
Comment 9 Petr Matousek 2013-05-16 10:15:54 EDT
Upstream patch:

https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html
Comment 10 errata-xmlrpc 2013-05-16 10:34:25 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0831 https://rhn.redhat.com/errata/RHSA-2013-0831.html
Comment 11 Petr Matousek 2013-05-16 10:35:46 EDT
Created libvirt tracking bugs for this issue

Affects: fedora-all [bug 963789]

Note You need to log in before you can comment on or make changes to this bug.