PT-2011-1133 · Libvirt+1

Petr Matousek · Published 2011-07-21 · Updated 2024-06-15 · CVE-2011-2511

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

libvirt versions prior to 0.9.3

Description

The issue is caused by an integer overflow in libvirt, allowing remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. This can lead to a disruption in the availability of protected information. The exploitation can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations

For versions prior to 0.9.3, update to version 0.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the VirDomainGetVcpus RPC call to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-07039
BDU:2015-07040
BDU:2015-07041
BDU:2015-07042
BDU:2015-07043
CVE-2011-2511
DSA-2280-1
OPENSUSE-SU-2024:10209-1
RHSA-2011:1019
RHSA-2011:1197
RHSA-2011_1019
RHSA-2011_1197

Affected Products

Red Hat
Libvirt