製品・ソフトウェアに関する情報

JVN脆弱性詳細

libvirt の virNetServerProgramDispatchCall 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	libvirt の virNetServerProgramDispatchCall 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	libvirt の virNetServerProgramDispatchCall 関数には、サービス運用妨害 (Null ポインタデリファレンスおよびセグメンテーション違反) 状態となる脆弱性が存在します。
Possible impacts	第三者により、下記の項目を伴う RPC コールを介して、サービス運用妨害 (Null ポインタデリファレンスおよびセグメンテーション違反) 状態にされる可能性があります。 (1) RPC 番号としてのイベント (2) RPC ディスパッチテーブルにおいて連続していない RPC 番号
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 14, 2012, midnight
Registration Date	Nov. 20, 2012, 6:11 p.m.
Last Update	Nov. 20, 2012, 6:11 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

libvirt.org

libvirt 0.10.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-4423	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4423
National Vulnerability Database (NVD)
2	CVE-2012-4423	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4423

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Fedora Update Notification
1	FEDORA-2012-15634	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html
2	FEDORA-2012-15640	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html
libvirt.org
3	Release of libvirt-0.10.2	http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=f8fbeb50d52520a109d71c8566fed2ea600650ec
4	security: Fix libvirtd crash possibility	http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7ff9e696063189a715802d081d55a398663c15a
Red Hat Bugzilla
5	Bug 857133	https://bugzilla.redhat.com/show_bug.cgi?id=857133
Red Hat Security Advisory
6	RHSA-2012:1359	http://rhn.redhat.com/errata/RHSA-2012-1359.html

Change Log

No	Changed Details	Date of change
0	[2012年11月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-4423

Summary	The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
Publication Date	Nov. 19, 2012, 9:10 p.m.
Registration Date	Jan. 28, 2021, 3:03 p.m.
Last Update	Nov. 21, 2024, 10:42 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:redhat:libvirt:0.4.1:::::::*
cpe:2.3:a:redhat:libvirt:0.9.13:::::::*
cpe:2.3:a:redhat:libvirt:0.8.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.2:::::::*
cpe:2.3:a:redhat:libvirt:0.4.5:::::::*
cpe:2.3:a:redhat:libvirt:0.7.5:::::::*
cpe:2.3:a:redhat:libvirt:0.0.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.5:::::::*
cpe:2.3:a:redhat:libvirt:0.5.0:::::::*
cpe:2.3:a:redhat:libvirt:0.7.2:::::::*
cpe:2.3:a:redhat:libvirt:0.1.1:::::::*
cpe:2.3:a:redhat:libvirt:0.0.3:::::::*
cpe:2.3:a:redhat:libvirt:0.1.7:::::::*
cpe:2.3:a:redhat:libvirt:0.0.1:::::::*
cpe:2.3:a:redhat:libvirt::::::::		0.10.1
cpe:2.3:a:redhat:libvirt:0.2.0:::::::*
cpe:2.3:a:redhat:libvirt:0.7.4:::::::*
cpe:2.3:a:redhat:libvirt:0.9.10:::::::*
cpe:2.3:a:redhat:libvirt:0.4.4:::::::*
cpe:2.3:a:redhat:libvirt:0.3.3:::::::*
cpe:2.3:a:redhat:libvirt:0.0.2:::::::*
cpe:2.3:a:redhat:libvirt:0.1.8:::::::*
cpe:2.3:a:redhat:libvirt:0.3.0:::::::*
cpe:2.3:a:redhat:libvirt:0.9.8:::::::*
cpe:2.3:a:redhat:libvirt:0.1.3:::::::*
cpe:2.3:a:redhat:libvirt:0.1.9:::::::*
cpe:2.3:a:redhat:libvirt:0.4.2:::::::*
cpe:2.3:a:redhat:libvirt:0.9.9:::::::*
cpe:2.3:a:redhat:libvirt:0.8.5:::::::*
cpe:2.3:a:redhat:libvirt:0.8.7:::::::*
cpe:2.3:a:redhat:libvirt:0.7.7:::::::*
cpe:2.3:a:redhat:libvirt:0.6.4:::::::*
cpe:2.3:a:redhat:libvirt:0.3.1:::::::*
cpe:2.3:a:redhat:libvirt:0.9.3:::::::*
cpe:2.3:a:redhat:libvirt:0.1.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.0:::::::*
cpe:2.3:a:redhat:libvirt:0.6.5:::::::*
cpe:2.3:a:redhat:libvirt:0.8.2:::::::*
cpe:2.3:a:redhat:libvirt:0.8.1:::::::*
cpe:2.3:a:redhat:libvirt:0.9.12:::::::*
cpe:2.3:a:redhat:libvirt:0.2.2:::::::*
cpe:2.3:a:redhat:libvirt:0.8.3:::::::*
cpe:2.3:a:redhat:libvirt:0.7.1:::::::*
cpe:2.3:a:redhat:libvirt:0.2.3:::::::*
cpe:2.3:a:redhat:libvirt:0.0.4:::::::*
cpe:2.3:a:redhat:libvirt:0.1.0:::::::*
cpe:2.3:a:redhat:libvirt:0.6.2:::::::*
cpe:2.3:a:redhat:libvirt:0.8.8:::::::*
cpe:2.3:a:redhat:libvirt:0.6.3:::::::*
cpe:2.3:a:redhat:libvirt:0.4.3:::::::*
cpe:2.3:a:redhat:libvirt:0.5.1:::::::*
cpe:2.3:a:redhat:libvirt:0.7.6:::::::*
cpe:2.3:a:redhat:libvirt:0.10.0:::::::*
cpe:2.3:a:redhat:libvirt:0.7.3:::::::*
cpe:2.3:a:redhat:libvirt:0.6.1:::::::*
cpe:2.3:a:redhat:libvirt:0.1.4:::::::*
cpe:2.3:a:redhat:libvirt:0.8.4:::::::*
cpe:2.3:a:redhat:libvirt:0.9.4:::::::*
cpe:2.3:a:redhat:libvirt:0.9.1:::::::*
cpe:2.3:a:redhat:libvirt:0.4.6:::::::*
cpe:2.3:a:redhat:libvirt:0.1.5:::::::*
cpe:2.3:a:redhat:libvirt:0.9.7:::::::*
cpe:2.3:a:redhat:libvirt:0.7.0:::::::*
cpe:2.3:a:redhat:libvirt:0.4.0:::::::*
cpe:2.3:a:redhat:libvirt:0.0.5:::::::*
cpe:2.3:a:redhat:libvirt:0.2.1:::::::*
cpe:2.3:a:redhat:libvirt:0.6.0:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11:::::::*
cpe:2.3:a:redhat:libvirt:0.8.0:::::::*
cpe:2.3:a:redhat:libvirt:0.3.2:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a
2	http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a
3	http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec
4	http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec
5	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html
7	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html
8	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html
9	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html
10	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html
11	http://rhn.redhat.com/errata/RHSA-2012-1359.html
12	http://rhn.redhat.com/errata/RHSA-2012-1359.html
13	http://www.openwall.com/lists/oss-security/2012/09/13/14
14	http://www.openwall.com/lists/oss-security/2012/09/13/14
15	http://www.securityfocus.com/bid/55541
16	http://www.securityfocus.com/bid/55541
17	http://www.securitytracker.com/id?1027649
18	http://www.securitytracker.com/id?1027649
19	http://www.ubuntu.com/usn/USN-1708-1
20	http://www.ubuntu.com/usn/USN-1708-1
21	https://bugzilla.redhat.com/show_bug.cgi?id=857133
22	https://bugzilla.redhat.com/show_bug.cgi?id=857133
23	https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
24	https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:redhat:libvirt:0.4.1:::::::*
cpe:2.3:a:redhat:libvirt:0.9.13:::::::*
cpe:2.3:a:redhat:libvirt:0.8.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.2:::::::*
cpe:2.3:a:redhat:libvirt:0.4.5:::::::*
cpe:2.3:a:redhat:libvirt:0.7.5:::::::*
cpe:2.3:a:redhat:libvirt:0.0.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.5:::::::*
cpe:2.3:a:redhat:libvirt:0.5.0:::::::*
cpe:2.3:a:redhat:libvirt:0.7.2:::::::*
cpe:2.3:a:redhat:libvirt:0.1.1:::::::*
cpe:2.3:a:redhat:libvirt:0.0.3:::::::*
cpe:2.3:a:redhat:libvirt:0.1.7:::::::*
cpe:2.3:a:redhat:libvirt:0.0.1:::::::*
cpe:2.3:a:redhat:libvirt::::::::		0.10.1
cpe:2.3:a:redhat:libvirt:0.2.0:::::::*
cpe:2.3:a:redhat:libvirt:0.7.4:::::::*
cpe:2.3:a:redhat:libvirt:0.9.10:::::::*
cpe:2.3:a:redhat:libvirt:0.4.4:::::::*
cpe:2.3:a:redhat:libvirt:0.3.3:::::::*
cpe:2.3:a:redhat:libvirt:0.0.2:::::::*
cpe:2.3:a:redhat:libvirt:0.1.8:::::::*
cpe:2.3:a:redhat:libvirt:0.3.0:::::::*
cpe:2.3:a:redhat:libvirt:0.9.8:::::::*
cpe:2.3:a:redhat:libvirt:0.1.3:::::::*
cpe:2.3:a:redhat:libvirt:0.1.9:::::::*
cpe:2.3:a:redhat:libvirt:0.4.2:::::::*
cpe:2.3:a:redhat:libvirt:0.9.9:::::::*
cpe:2.3:a:redhat:libvirt:0.8.5:::::::*
cpe:2.3:a:redhat:libvirt:0.8.7:::::::*
cpe:2.3:a:redhat:libvirt:0.7.7:::::::*
cpe:2.3:a:redhat:libvirt:0.6.4:::::::*
cpe:2.3:a:redhat:libvirt:0.3.1:::::::*
cpe:2.3:a:redhat:libvirt:0.9.3:::::::*
cpe:2.3:a:redhat:libvirt:0.1.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.0:::::::*
cpe:2.3:a:redhat:libvirt:0.6.5:::::::*
cpe:2.3:a:redhat:libvirt:0.8.2:::::::*
cpe:2.3:a:redhat:libvirt:0.8.1:::::::*
cpe:2.3:a:redhat:libvirt:0.9.12:::::::*
cpe:2.3:a:redhat:libvirt:0.2.2:::::::*
cpe:2.3:a:redhat:libvirt:0.8.3:::::::*
cpe:2.3:a:redhat:libvirt:0.7.1:::::::*
cpe:2.3:a:redhat:libvirt:0.2.3:::::::*
cpe:2.3:a:redhat:libvirt:0.0.4:::::::*
cpe:2.3:a:redhat:libvirt:0.1.0:::::::*
cpe:2.3:a:redhat:libvirt:0.6.2:::::::*
cpe:2.3:a:redhat:libvirt:0.8.8:::::::*
cpe:2.3:a:redhat:libvirt:0.6.3:::::::*
cpe:2.3:a:redhat:libvirt:0.4.3:::::::*
cpe:2.3:a:redhat:libvirt:0.5.1:::::::*
cpe:2.3:a:redhat:libvirt:0.7.6:::::::*
cpe:2.3:a:redhat:libvirt:0.10.0:::::::*
cpe:2.3:a:redhat:libvirt:0.7.3:::::::*
cpe:2.3:a:redhat:libvirt:0.6.1:::::::*
cpe:2.3:a:redhat:libvirt:0.1.4:::::::*
cpe:2.3:a:redhat:libvirt:0.8.4:::::::*
cpe:2.3:a:redhat:libvirt:0.9.4:::::::*
cpe:2.3:a:redhat:libvirt:0.9.1:::::::*
cpe:2.3:a:redhat:libvirt:0.4.6:::::::*
cpe:2.3:a:redhat:libvirt:0.1.5:::::::*
cpe:2.3:a:redhat:libvirt:0.9.7:::::::*
cpe:2.3:a:redhat:libvirt:0.7.0:::::::*
cpe:2.3:a:redhat:libvirt:0.4.0:::::::*
cpe:2.3:a:redhat:libvirt:0.0.5:::::::*
cpe:2.3:a:redhat:libvirt:0.2.1:::::::*
cpe:2.3:a:redhat:libvirt:0.6.0:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11:::::::*
cpe:2.3:a:redhat:libvirt:0.8.0:::::::*
cpe:2.3:a:redhat:libvirt:0.3.2:::::::*