CVE-2013-1962
Published: 28 May 2013
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."
Notes
Author | Note |
---|---|
jdstrand | remoteDispatchStoragePoolListAllVolumes() is not in quantal and earlier |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
(code-not-present)
|
|
precise |
Not vulnerable
(code-not-present)
|
|
quantal |
Not vulnerable
(code-not-present)
|
|
raring |
Released
(1.0.2-0ubuntu11.13.04.2)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739 |