Vigil@nce - libvirt: descriptor leak via PoolListAllVolumes
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a file descriptor leak in the
remoteDispatchStoragePoolListAllVolumes() function of libvirt, in
order to trigger a denial of service.
– Impacted products: Fedora, RHEL, Unix (platform)
– Severity: 2/4
– Creation date: 16/05/2013
DESCRIPTION OF THE VULNERABILITY
The libvirt library provides a standard interface on several
virtualization products (Xen, QEMU, KVM, etc.).
The remoteDispatchStoragePoolListAllVolumes() function of the
daemon/remote.c file lists storage volumes. However, on each call,
it does not free two file descriptors.
An attacker can therefore create a file descriptor leak in the
remoteDispatchStoragePoolListAllVolumes() function of libvirt, in
order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libvirt-descriptor-leak-via-PoolListAllVolumes-12838