[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Xen Security Advisory 68 (CVE-2013-4369) - possible null dereference when parsing vif ratelimiting info
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-4369 / XSA-68 version 2 possible null dereference when parsing vif ratelimiting info UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The libxlu library function xlu_vif_parse_rate does not properly handle inputs which consist solely of the '@' character, leading to a NULL pointer dereference. IMPACT ====== A toolstack which allows untrusted users to specify an arbitrary configuration for the VIF rate can be subjected to a DOS. The only known user of this library is the xl toolstack which does not have a central long running daemon and therefore the impact is limited to crashing the process which is creating the domain, which exists only to service a single domain. VULNERABLE SYSTEMS ================== The vulnerable code is present from Xen 4.2 onwards. MITIGATION ========== Disallowing untrusted users from specifying arbitrary VIF rate limits will avoid this issue. CREDITS ======= This issue was discovered by Coverity Scan and Matthew Daley. RESOLUTION ========== Applying the attached patch resolves this issue in all branches xsa68.patch xen-unstable, Xen 4.3.x, Xen 4.2.x $ sha256sum xsa68*.patch 64716cb49696298e0bbd9556fe9d6f559a4e2785081e28d50607317b6e27ba32 xsa68.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSVpv6AAoJEIP+FMlX6CvZh5AH/3eMQvmLfgXNbr/vBFKwwJFc FXd/5N76S17ZI5jTPLoXc1GiXOI9MhPNazKo6e/RLYkVrxgK4Cq8jowBJBgg8Q4R egOlTinu87uT3ik6DP1ZQVQXEC2Wot0lJwjkN5B/72Tx/ldnS7i/Wi7P5QW7kzcJ 3FWSoCP/degKK/pBbPbt6keUjsUgkIXR3S0Vx/5+NXWeGMfjBFMqV6O1TQ1COkjw GrvYzXBPAnhmw0fUSYdh87Ed2MH0nZqBGuP/b4wlXqoYWBZN/1xs8M+txnfGLyRm +vvoM5shs+IiC0cVUcOPF+o7xZRiF6ZNdEMZdMV0NPHNeVEKtdXd6zlc/7VWuvM= =9/V5 -----END PGP SIGNATURE----- Attachment:
xsa68.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |