[kernel-xen] Xen Security Advisory 68 (CVE-2013-4369) - possible null dereference when parsing vif ratelimiting info
netwiz at crc.id.au
Fri Oct 11 02:44:20 EST 2013
Xen Security Advisory CVE-2013-4369 / XSA-68
possible null dereference when parsing vif ratelimiting info
UPDATES IN VERSION 2
The libxlu library function xlu_vif_parse_rate does not properly
handle inputs which consist solely of the '@' character, leading to a
NULL pointer dereference.
A toolstack which allows untrusted users to specify an arbitrary
configuration for the VIF rate can be subjected to a DOS.
The only known user of this library is the xl toolstack which does not
have a central long running daemon and therefore the impact is limited
to crashing the process which is creating the domain, which exists
only to service a single domain.
The vulnerable code is present from Xen 4.2 onwards.
Disallowing untrusted users from specifying arbitrary VIF rate limits
will avoid this issue.
This issue was discovered by Coverity Scan and Matthew Daley.
Fixed in xen-4.2.3-4
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 901 bytes
Desc: OpenPGP digital signature
More information about the kernel-xen