Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0036

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2009-0036
Last Modified 21 Aug 2010 01:29:36
Published 11 Feb 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0036

Summary

Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.

Vulnerable Systems

Application

  • Libvirt 0.5.1


References

MLIST - [libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory

MLIST - [libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=484947

BID - 33724

REDHAT - RHSA-2009:0382

SECUNIA - 34397

MLIST - [oss-security] 20090210 libvirt_proxy heads up

CONFIRM - http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28


Last Updated: 27 May 2016 10:49:33