A denial of service flaw was found in the way the storage pool manager of libvirt, a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes), managed socket file descriptors when a 'list all volumes for the particular pool' request was issued (two socket file descriptors were leaked per "list all pool volumes" request). An unprivileged user could use this flaw to cause a denial of service (make the libvirtd daemon exhaust / reach the maximum count of open file descriptors the libvirtd daemon process was allowed to open, possibly preventing other users from using libvirtd services until the libvirtd daemon was restarted). Acknowledgements: Red Hat would like to thank Edoardo Comar of IBM for reporting this issue.
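The following is an added example, not libvirt code and not the patch attached to this bug: it models the reported pattern (a request handler that opens a pair of socket descriptors and never closes them, costing two fds per call) next to a fixed handler, and shows the check a regression test can use to catch such a leak, namely counting the process's open descriptors before and after a batch of calls. The handler names and the socketpair() stand-in for the daemon's real sockets are hypothetical; the descriptor count probes each fd number with fcntl(F_GETFD), which works on Linux and BSD-derived systems without /proc.

```c
/* Added example (not libvirt's code). Demonstrates a two-fd-per-call leak,
 * the fixed version, and a descriptor-count check that detects the leak. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Count descriptors currently open in this process. Each fd number up to the
 * soft limit (capped at 65536 to bound the loop) is probed with F_GETFD;
 * fcntl() fails with EBADF for numbers that are not open. */
int count_open_fds(void) {
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536;
    int n = 0;
    for (long fd = 0; fd < max; fd++)
        if (fcntl((int)fd, F_GETFD) != -1)
            n++;
    return n;
}

/* Hypothetical leaky request handler: socketpair() stands in for the pair of
 * sockets a real daemon-side request might set up. Both ends are forgotten
 * on return, so every call costs two descriptors, as reported for this bug. */
int list_volumes_leaky(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;          /* EMFILE once the fd limit is reached */
    /* ... build and send the volume list ... */
    return 0;               /* sv[0] and sv[1] are never closed */
}

/* Fixed handler: release both descriptors on every exit path. */
int list_volumes_fixed(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    /* ... build and send the volume list ... */
    close(sv[0]);
    close(sv[1]);
    return 0;
}

/* Run `handler` `calls` times and return how many descriptors it left open,
 * or -1 if a call failed (e.g. the descriptor limit was hit). A correct
 * handler returns 0 here regardless of how many calls were made. */
int fd_leak_over_calls(int (*handler)(void), int calls) {
    int before = count_open_fds();
    for (int i = 0; i < calls; i++)
        if (handler() != 0)
            return -1;
    return count_open_fds() - before;
}

int main(void) {
    printf("fixed handler leaked %d fds over 10 calls\n",
           fd_leak_over_calls(list_volumes_fixed, 10));
    printf("leaky handler leaked %d fds over 10 calls\n",
           fd_leak_over_calls(list_volumes_leaky, 10));
    return 0;
}
```

Run the leaky handler in a loop and it will eventually return -1 with errno set to EMFILE, which is the exhaustion the advisory describes; a regression test for a daemon-side fd leak is simply the assertion that the difference reported by fd_leak_over_calls() stays at zero across many requests.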
Created attachment 736816: Proposed patch from Jan Tomko to correct the deficiency
This issue did NOT affect the version of the libvirt package as shipped with Red Hat Enterprise Linux 5.
This issue affects the version of the libvirt package as shipped with Red Hat Enterprise Linux 6.
This issue did NOT affect the version of the libvirt package as shipped with Fedora release 17 (as it did NOT support the StoragePoolListAllVolumes API yet). This issue affects the version of the libvirt package as shipped with Fedora release 18.
The CVE identifier of CVE-2013-1962 has been assigned to this issue.
Upstream patch: https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0831 https://rhn.redhat.com/errata/RHSA-2013-0831.html
Created libvirt tracking bugs for this issue Affects: fedora-all [bug 963789]