CVE-2014-1447

Published: 24/01/2014 Updated: 03/01/2015
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
VMScore: 295
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Race condition in the virNetServerClientStartKeepAlive function in libvirt prior to 1.2.1 allows remote malicious users to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

Vulnerable Product

redhat libvirt 0.0.4

redhat libvirt 0.0.5

redhat libvirt 0.0.6

redhat libvirt 0.1.0

redhat libvirt 0.10.2.2

redhat libvirt 0.10.2.3

redhat libvirt 0.10.2.4

redhat libvirt 0.10.2.5

redhat libvirt 0.4.2

redhat libvirt 0.4.3

redhat libvirt 0.4.4

redhat libvirt 0.4.5

redhat libvirt 0.7.4

redhat libvirt 0.7.5

redhat libvirt 0.7.6

redhat libvirt 0.7.7

redhat libvirt 0.9.11

redhat libvirt 0.9.11.1

redhat libvirt 0.9.11.2

redhat libvirt 0.9.11.3

redhat libvirt 0.9.11.4

redhat libvirt 0.9.6.2

redhat libvirt 0.9.6.3

redhat libvirt 0.9.7

redhat libvirt 0.9.8

redhat libvirt 1.0.6

redhat libvirt 1.1.0

redhat libvirt 1.1.1

redhat libvirt 1.1.2

redhat libvirt 0.1.6

redhat libvirt 0.1.7

redhat libvirt 0.1.8

redhat libvirt 0.1.9

redhat libvirt 0.2.2

redhat libvirt 0.2.3

redhat libvirt 0.3.0

redhat libvirt 0.3.1

redhat libvirt 0.6.1

redhat libvirt 0.6.2

redhat libvirt 0.6.3

redhat libvirt 0.6.4

redhat libvirt 0.8.4

redhat libvirt 0.8.5

redhat libvirt 0.8.6

redhat libvirt 0.8.7

redhat libvirt 0.9.12

redhat libvirt 0.9.13

redhat libvirt 0.9.2

redhat libvirt 0.9.3

redhat libvirt 1.0.3

redhat libvirt 1.0.4

redhat libvirt 1.0.5

redhat libvirt 1.0.5.1

redhat libvirt 1.0.5.2

redhat libvirt 0.0.2

redhat libvirt 0.1.3

redhat libvirt 0.1.5

redhat libvirt 0.10.0

redhat libvirt 0.10.2

redhat libvirt 0.10.2.7

redhat libvirt 0.2.0

redhat libvirt 0.3.3

redhat libvirt 0.4.1

redhat libvirt 0.4.6

redhat libvirt 0.5.1

redhat libvirt 0.7.0

redhat libvirt 0.7.2

redhat libvirt 0.8.1

redhat libvirt 0.8.3

redhat libvirt 0.8.8

redhat libvirt 0.9.1

redhat libvirt 0.9.11.5

redhat libvirt 0.9.11.7

redhat libvirt 0.9.5

redhat libvirt 0.9.6.1

redhat libvirt 0.9.9

redhat libvirt 1.0.1

redhat libvirt 1.0.5.3

redhat libvirt 1.0.5.5

redhat libvirt 1.1.4

redhat libvirt 0.0.1

redhat libvirt 0.0.3

redhat libvirt 0.1.1

redhat libvirt 0.1.4

redhat libvirt 0.10.1

redhat libvirt 0.10.2.1

redhat libvirt 0.10.2.6

redhat libvirt 0.10.2.8

redhat libvirt 0.2.1

redhat libvirt 0.3.2

redhat libvirt 0.4.0

redhat libvirt 0.5.0

redhat libvirt 0.6.0

redhat libvirt 0.6.5

redhat libvirt 0.7.1

redhat libvirt 0.7.3

redhat libvirt 0.8.0

redhat libvirt 0.8.2

redhat libvirt 0.9.0

redhat libvirt 0.9.10

redhat libvirt 0.9.11.6

redhat libvirt 0.9.11.8

redhat libvirt 0.9.4

redhat libvirt 0.9.6

redhat libvirt 1.0.0

redhat libvirt 1.0.2

redhat libvirt 1.0.5.4

redhat libvirt 1.0.5.6

redhat libvirt 1.1.3

redhat libvirt

Vendor Advisories

Synopsis: Moderate: libvirt security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact ...
Several security issues were fixed in libvirt ...
Debian Bug report logs - #735676 libvirt: CVE-2014-0028 Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Fri, 17 Jan 2014 11:54:01 UTC Severity: important Tags: security Fixed in version li ...
Debian Bug report logs - #734556 libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 8 Jan 2014 ...
Multiple security issues have been found in Libvirt, a virtualisation abstraction library: CVE-2013-6458: It was discovered that insecure job usage could lead to denial of service against libvirtd. CVE-2014-1447: It was discovered that a race condition in keepalive handling could lead to denial of service against libvirtd. For the s ...
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent ...