PT-2009-2746 · Libvirt+1 · Libvirt Proxy+1

Josh Bressers

Published

2009-02-11

Updated

2023-02-13

CVE-2009-0036

CVSS v2.0

4.4

Medium

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libvirt proxy version 0.5.1

Description A buffer overflow issue exists in the proxyReadClientSocket function, potentially allowing local users to gain privileges. This is related to the use of uninitialized memory in a validation check, which can be exploited by sending a portion of the header of a virProxyPacket packet and then sending the remainder of the packet with crafted values in the header.

Recommendations For libvirt proxy version 0.5.1, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-0036

RHSA-2009:0382

RHSA-2009_0382

Affected Products

Red Hat

Libvirt Proxy

PT-2009-2746 · Libvirt+1 · Libvirt Proxy+1

CVE-2009-0036

Weakness Enumeration

Related Identifiers

Affected Products

References · 19