Wind River Support Network

HomeDefectsLIN6-9057
Fixed

LIN6-9057 : Security Advisory - libvirt - CVE-2013-4399

Created: Dec 14, 2014    Updated: Dec 3, 2018
Resolved Date: Jan 19, 2015
Found In Version: 6.0.0.16
Fix Version: 6.0.0.17
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4399

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube