National Cyber Awareness System

Vulnerability Summary for CVE-2012-4423

Overview

The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MLIST

Name: [libvirt] 20120912 [PATCH] Fix libvirtd crash possibility

Hyperlink:https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html

External Source: MISC

Name: https://bugzilla.redhat.com/show_bug.cgi?id=857133

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=857133

External Source: UBUNTU

Name: USN-1708-1

Hyperlink:http://www.ubuntu.com/usn/USN-1708-1

External Source: SECTRACK

Name: 1027649

Hyperlink:http://www.securitytracker.com/id?1027649

External Source: BID

Name: 55541

Hyperlink:http://www.securityfocus.com/bid/55541

External Source: MLIST

Name: [oss-security] 20120913 Re: CVE Request -- libvirt: null function pointer invocation in virNetServerProgramDispatchCall()

Hyperlink:http://www.openwall.com/lists/oss-security/2012/09/13/14

External Source: REDHAT

Name: RHSA-2012:1359

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1359.html

External Source: SUSE

Name: openSUSE-SU-2013:0274

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html

External Source: FEDORA

Name: FEDORA-2012-15640

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html

External Source: FEDORA

Name: FEDORA-2012-15634

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html

External Source: CONFIRM

Name: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=f8fbeb50d52520a109d71c8566fed2ea600650ec

Hyperlink:http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=f8fbeb50d52520a109d71c8566fed2ea600650ec

External Source: CONFIRM

Name: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7ff9e696063189a715802d081d55a398663c15a

Hyperlink:http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7ff9e696063189a715802d081d55a398663c15a