Lucene search

K

PRIOn knowledge basePRION:CVE-2013-6457

HistoryJan 24, 2014 - 6:55 p.m.

Command injection

2014-01-2418:55:00

PRIOn knowledge base

www.prio-n.com

4

8 High

AI Score

Confidence

High

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.

CPENameOperatorVersion
libvirteq0.4.1
libvirteq0.9.13
libvirteq0.8.6
libvirteq1.0.5.4
libvirteq0.9.6.3
libvirteq0.9.2
libvirteq0.4.5
libvirteq0.7.5
libvirteq0.0.6
libvirteq0.9.5

Rows per page:

1-10 of 1101

References

libvirt.org/news.html

lists.opensuse.org/opensuse-updates/2014-02/msg00060.html

secunia.com/advisories/60895

security.gentoo.org/glsa/glsa-201412-04.xml

www.ubuntu.com/usn/USN-2093-1

bugzilla.redhat.com/show_bug.cgi?id=1048629

www.redhat.com/archives/libvir-list/2013-December/msg01176.html

www.redhat.com/archives/libvir-list/2013-December/msg01258.html

8 High

AI Score

Confidence

High

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

Related for PRION:CVE-2013-6457

ubuntucve1 cvelist1 veracode1 cve1 debiancve1 nessus3 openvas3 ubuntu1 altlinux1 f52 gentoo1 osv15