[kernel-xen] Xen Security Advisory 68 (CVE-2013-4369) - possible null dereference when parsing vif ratelimiting info
Steven Haigh
netwiz at crc.id.au
Fri Oct 11 02:44:20 EST 2013
Xen Security Advisory CVE-2013-4369 / XSA-68
version 2
possible null dereference when parsing vif ratelimiting info
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
The libxlu library function xlu_vif_parse_rate does not properly
handle inputs which consist solely of the '@' character, leading to a
NULL pointer dereference.
IMPACT
======
A toolstack which allows untrusted users to specify an arbitrary
configuration for the VIF rate can be subjected to a denial of
service (DoS).
The only known user of this library is the xl toolstack, which does not
have a central long-running daemon; the impact is therefore limited
to crashing the process which is creating the domain, which exists
only to service a single domain.
VULNERABLE SYSTEMS
==================
The vulnerable code is present from Xen 4.2 onwards.
MITIGATION
==========
Disallowing untrusted users from specifying arbitrary VIF rate limits
will avoid this issue.
CREDITS
=======
This issue was discovered by Coverity Scan and Matthew Daley.
RESOLUTION
==========
Fixed in xen-4.2.3-4
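
The following is an added example, not part of the advisory and not libxlu code: a simplified parser for a hypothetical "RATE[@INTERVAL]" string (plain decimal numbers, no units) that rejects input consisting solely of '@'. It assumes the string is split with strtok(), which is an assumption about the mechanism; the names parse_vif_rate and parse_u64 are illustrative.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: parse a decimal token.
 * Rejects NULL, empty strings, signs/whitespace and trailing junk. */
static int parse_u64(const char *tok, uint64_t *out)
{
    char *end;
    if (tok == NULL || !isdigit((unsigned char)*tok))
        return EINVAL;
    errno = 0;
    unsigned long long v = strtoull(tok, &end, 10);
    if (errno != 0 || *end != '\0')
        return EINVAL;
    *out = v;
    return 0;
}

/* Hypothetical parser for "RATE[@INTERVAL]".
 * Returns 0 on success, EINVAL or ENOMEM on failure. */
int parse_vif_rate(const char *spec, uint64_t *rate, uint64_t *interval)
{
    char *copy, *tok;
    size_t n;
    int rc;

    if (spec == NULL)
        return EINVAL;
    n = strlen(spec) + 1;
    copy = malloc(n);            /* strtok() modifies its argument */
    if (copy == NULL)
        return ENOMEM;
    memcpy(copy, spec, n);

    /* strtok() skips leading delimiters, so for "@", "@@" or "" the
     * first call returns NULL. Using that token unchecked would be a
     * NULL dereference; parse_u64() refuses it instead. */
    tok = strtok(copy, "@");
    rc = parse_u64(tok, rate);
    if (rc == 0) {
        tok = strtok(NULL, "@");
        if (tok != NULL)         /* the interval part is optional */
            rc = parse_u64(tok, interval);
    }
    free(copy);
    return rc;
}
```
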