Vigil@nce: libvirt, denial of service via RPC
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A network attacker can send invalid queries to the libvirtd
daemon, in order to stop it.
– Impacted products: Unix (platform)
– Severity: 2/4
– Creation date: 14/09/2012
DESCRIPTION OF THE VULNERABILITY
The libvirt library provides a standard interface on several
virtualization products (Xen, QEMU, KVM, etc.).
The libvirtd daemon provides a remote access (RPC) to libvirt
features. However, some method numbers are not used, and are thus
associated to a NULL function pointer. If an attacker queries one
of these numbers, the libvirtd daemon thus tries to execute code
located at address zero.
A network attacker can therefore send invalid queries to the
libvirtd daemon, in order to stop it.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libvirt-denial-of-service-via-RPC-11948