English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.880996
Category:CentOS Local Security Checks
Title:CentOS Update for libvirt CESA-2011:1019 centos5 i386
Summary:The remote host is missing an update for the 'libvirt'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'libvirt'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.

An integer overflow flaw was found in libvirtd's RPC call handling. An
attacker able to establish read-only connections to libvirtd could trigger
this flaw by calling virDomainGetVcpus() with specially-crafted parameters,
causing libvirtd to crash. (CVE-2011-2511)

This update fixes the following bugs:

* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat
Enterprise Linux 5.6. A code audit found a minor API change that effected
error messages seen by libvirt 0.8.2 clients talking to libvirt 0.7.1
0.7.7 (0.7.x) servers. A libvirt 0.7.x server could send
VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client expected
VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a libvirt 0.8.2
client saw a 'Timed out during operation' message where it should see an
'Invalid network filter' error. This update adds a backported patch that
allows libvirt 0.8.2 clients to interoperate with the API as used by
libvirt 0.7.x servers, ensuring correct error messages are sent.
(BZ#665075)

* libvirt could crash if the maximum number of open file descriptors
(_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it accessed
file descriptors outside the bounds of the set. With this update the
maximum number of open file descriptors can no longer grow larger than the
FD_SETSIZE value. (BZ#665549)

* A libvirt race condition was found. An array in the libvirt event
handlers was accessed with a lock temporarily released. In rare cases, if
one thread attempted to access this array but a second thread reallocated
the array before the first thread reacquired a lock, it could lead to the
first thread attempting to access freed memory, potentially causing libvirt
to crash. With this update libvirt no longer refers to the old array and,
consequently, behaves as expected. (BZ#671569)

* Guests connected to a passthrough NIC would kernel panic if a
system_reset signal was sent through the QEMU monitor. With this update you
can reset such guests as expected. (BZ#689880)

* When using the Xen kernel, the rpmbuild command failed on the xencapstest
test. With this update you can run rpmbuild successfully when using the Xen
kernel. (BZ#690459)

* When a disk was hot unplugged, 'ret >= 0' was passed to the qemuAuditDisk
calls in disk hotunplug operations before ret was, in fact, set to 0. As
well, the error path jumped to the 'cleanup&q ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
libvirt on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2511
1025822
http://www.securitytracker.com/id?1025822
45375
http://secunia.com/advisories/45375
45441
http://secunia.com/advisories/45441
45446
http://secunia.com/advisories/45446
DSA-2280
http://www.debian.org/security/2011/dsa-2280
FEDORA-2011-9062
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html
FEDORA-2011-9091
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
RHSA-2011:1019
http://www.redhat.com/support/errata/RHSA-2011-1019.html
RHSA-2011:1197
http://www.redhat.com/support/errata/RHSA-2011-1197.html
SUSE-SU-2011:0837
https://hermes.opensuse.org/messages/10027908
USN-1180-1
http://www.ubuntu.com/usn/USN-1180-1
[libvirt] 20110624 [PATCH 2/2] remote: protect against integer overflow
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
[oss-security] 20110628 CVE request: libvirt: integer overflow in VirDomainGetVcpus
http://www.openwall.com/lists/oss-security/2011/06/28/9
http://libvirt.org/news.html
libvirt-virdomaingetvcpus-bo(68271)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68271
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.