Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127 | signature vdb entry |
| https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html | vendor advisory mailing list exploit |
| https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html | vendor advisory mailing list exploit |
| http://www.securityfocus.com/bid/33724 | vdb entry |
| https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html | vendor advisory mailing list exploit |
| https://bugzilla.redhat.com/show_bug.cgi?id=484947 | vendor advisory |
| http://www.redhat.com/support/errata/RHSA-2009-0382.html | vendor advisory |
| http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28 | |
| http://openwall.com/lists/oss-security/2009/02/10/8 | mailing list |
| http://secunia.com/advisories/34397 | third party advisory |