Vigil@nce - libvirt: invalid pointer free via virFileNBDDeviceAssociate
September 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can free an invalid pointer in the
virFileNBDDeviceAssociate() function of libvirt, in order to
trigger a denial of service, and possibly to execute code.
– Impacted products: Unix (platform)
– Severity: 1/4
– Creation date: 23/09/2013
DESCRIPTION OF THE VULNERABILITY
The libvirt library provides a standard interface on several
virtualization products (Xen, QEMU, KVM, etc.).
The virFileNBDDeviceAssociate() function of the src/util/virfile.c
file associates a device. However, it does not initialize a
pointer which is then freed.
An attacker can therefore free an invalid pointer in the
virFileNBDDeviceAssociate() function of libvirt, in order to
trigger a denial of service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libvirt-invalid-pointer-free-via-virFileNBDDeviceAssociate-13464