Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   


Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker

Category:   Application (Generic)  >   libvirt Vendors:
libvirt Flaw in virNetServerProgramDispatchCall() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1027649
SecurityTracker URL:
CVE Reference:   CVE-2012-4423   (Links to External Site)
Date:  Oct 12 2012
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in libvirt. A remote user can cause denial of service conditions.

A remote user with the ability to establish a read-only connection to libvirtd can send a specially crafted RPC message to trigger a flaw in virNetServerProgramDispatchCall() and cause the target libvirtd service to crash.

Wenlong Huang of the Red Hat Virtualization QE Team reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued a source code fix, available at:;a=commit;h=b7ff9e696063189a715802d081d55a398663c15a

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 12 2012 (Red Hat Issues Fix) libvirt Flaw in virNetServerProgramDispatchCall() Lets Remote Users Deny Service   (
Red Hat has issued a fix for Red Hat Enterprise Linux 6.

 Source Message Contents

Date:  Fri, 12 Oct 2012 01:15:45 +0000
Subject:  libvirt

A flaw was found in libvirtd's RPC call handling. An attacker able to
establish a read-only connection to libvirtd could use this flaw to crash
libvirtd by sending an RPC message that has an event as the RPC number, or
an RPC number that falls into a gap in the RPC dispatch table.

CVE-2012-4423 libvirt: null function pointer invocation in virNetServerProgramDispatchCall()


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

Copyright 2015, LLC