Vulnerability Details : CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
Vulnerability category: Denial of service
Products affected by CVE-2011-1486
- cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1486
2.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1486
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P |
6.5
|
2.9
|
NIST |
CWE ids for CVE-2011-1486
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1486
-
http://www.redhat.com/support/errata/RHSA-2011-0479.html
Support
-
http://securitytracker.com/id?1025477
libvirt Error Handling Flaw Lets Remote Users Deny Service - SecurityTracker
-
http://support.avaya.com/css/P8/documents/100134583
ASA-2011-139 (RHSA-2011-0478)
-
http://www.ubuntu.com/usn/USN-1152-1
USN-1152-1: libvirt vulnerabilities | Ubuntu security notices
-
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670
libvirt.org Git
-
http://www.debian.org/security/2011/dsa-2280
Debian -- Security Information -- DSA-2280-1 libvirt
-
http://www.redhat.com/support/errata/RHSA-2011-0478.html
Support
-
https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html
[libvirt] [PATCH] Make error reporting in libvirtd thread safePatch
-
http://www.securityfocus.com/bid/47148
libvirt Threads Local Denial of Service Vulnerability
-
https://bugzilla.redhat.com/show_bug.cgi?id=693391
693391 – (CVE-2011-1486) CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safePatch
Jump to