Vigil@nce: libvirt, denial of service via remoteDispatchConnError
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can generate several simultaneous errors, in order to
stop the libvirtd daemon.
– Severity: 1/4
– Creation date: 04/04/2011
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The libvirt library provides a standard interface on several
virtualization products (Xen, QEMU, KVM, etc.).
The remoteDispatchConnError() function processes errors. However,
this implementation is not multi-thread safe. If two threads
simultaneously report an error, information can be mixed and can
corrupt the error manager.
An attacker can therefore generate several simultaneous errors, in
order to stop the libvirtd daemon.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libvirt-denial-of-service-via-remoteDispatchConnError-10517