Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8135

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2014-8135
Last Modified 09 Jan 2015 09:59:32
Published 19 Dec 2014 10:59:09
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-8135

Summary

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

Vulnerable Systems

Application

  • Redhat Libvirt -


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1087104

SECUNIA - 61111

CONFIRM - http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984

CONFIRM - http://security.libvirt.org/2014/0009.html

SUSE - openSUSE-SU-2015:0008


Last Updated: 27 May 2016 11:03:26