ID

VAR-201303-0027


CVE

CVE-2012-3411


TITLE

Dnsmasq Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 54353 // CNNVD: CNNVD-201207-080

DESCRIPTION

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query. Dnsmasq is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions through a stream of spoofed DNS queries producing large results. Dnsmasq versions 2.62 and prior are vulnerable. Relevant releases/architectures: RHEV Hypervisor for RHEL-6 - noarch 3. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311) It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. Now, the VDSM version compatibility is considered and the upgrade message only displays if there is an upgrade relevant to the host available. As a result, virtual machines with supported CPU models were not being properly parsed by libvirt and failed to start. Virtual machines now start normally. This allows for multiple versions of the hypervisor package to be installed on a system concurrently without making changes to the yum configuration as was previously required. Bugs fixed (http://bugzilla.redhat.com/): 833033 - CVE-2012-3411 libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks 835162 - rhev-hypervisor 6.4 release 853092 - rhev-h: supported vdsm compatibility versions should be supplied along with rhev-h ISOs 863579 - RFE: Support installonlypkgs functionality for rhev-hypervisor packages 875360 - CVE-2012-4542 kernel: block: default SCSI command filter does not accomodate commands overlap across device classes 912905 - CVE-2013-0311 kernel: vhost: fix length for cross region descriptor 6. packets that should not be passed in) may be sent to the dnsmasq application and processed. This can result in DNS amplification attacks for example (CVE-2012-3411). It was found that after the upstream patch for CVE-2012-3411 issue was applied, dnsmasq still: - replied to remote TCP-protocol based DNS queries (UDP protocol ones were corrected, but TCP ones not) from prohibited networks, when the --bind-dynamic option was used, - when --except-interface lo option was used dnsmasq didn&#039;t answer local or remote UDP DNS queries, but still allowed TCP protocol based DNS queries, - when --except-interface lo option was not used local / remote TCP DNS queries were also still answered by dnsmasq. This update fix these three cases. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRYvSNmqjQ0CJFipgRAmDuAKDqB4WerX13N+7g/zR6iU5C6b8QjACdEdEW koGb8Voa5rhgjjRVCT1ZvBg= =VQ4h -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Dnsmasq: Denial of Service Date: June 25, 2014 Bugs: #436894, #453170 ID: 201406-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in Dnsmasq can lead to a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Dnsmasq users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.66" References ========== [ 1 ] CVE-2012-3411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3411 [ 2 ] CVE-2013-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0198 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-24.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dnsmasq security, bug fix and enhancement update Advisory ID: RHSA-2013:0277-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0277.html Issue date: 2013-02-21 CVE Names: CVE-2012-3411 ===================================================================== 1. Summary: Updated dnsmasq packages that fix one security issue, one bug, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. (CVE-2012-3411) In order to fully address this issue, libvirt package users are advised to install updated libvirt packages. Refer to RHSA-2013:0276 for additional information. This update also fixes the following bug: * Due to a regression, the lease change script was disabled. Consequently, the "dhcp-script" option in the /etc/dnsmasq.conf configuration file did not work. This update corrects the problem and the "dhcp-script" option now works as expected. (BZ#815819) This update also adds the following enhancements: * Prior to this update, dnsmasq did not validate that the tftp directory given actually existed and was a directory. Consequently, configuration errors were not immediately reported on startup. This update improves the code to validate the tftp root directory option. As a result, fault finding is simplified especially when dnsmasq is called by external processes such as libvirt. (BZ#824214) * The dnsmasq init script used an incorrect Process Identifier (PID) in the "stop", "restart", and "condrestart" commands. Consequently, if there were some dnsmasq instances running besides the system one started by the init script, then repeated calling of "service dnsmasq" with "stop" or "restart" would kill all running dnsmasq instances, including ones not started with the init script. The dnsmasq init script code has been corrected to obtain the correct PID when calling the "stop", "restart", and "condrestart" commands. As a result, if there are dnsmasq instances running in addition to the system one started by the init script, then by calling "service dnsmasq" with "stop" or "restart" only the system one is stopped or restarted. (BZ#850944) * When two or more dnsmasq processes were running with DHCP enabled on one interface, DHCP RELEASE packets were sometimes lost. Consequently, when two or more dnsmasq processes were running with DHCP enabled on one interface, releasing IP addresses sometimes failed. This update sets the SO_BINDTODEVICE socket option on DHCP sockets if running dnsmasq with DHCP enabled on one interface. As a result, when two or more dnsmasq processes are running with DHCP enabled on one interface, they can release IP addresses as expected. (BZ#887156) All users of dnsmasq are advised to upgrade to these updated packages, which fix these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 833033 - CVE-2012-3411 libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks 850944 - "service dnsmasq restart (or dnsmasq package update) kills all instances of dnsmasq on system, including those started by libvirtd 884957 - guest can not get NAT IP from dnsmasq-2.48-10 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm i386: dnsmasq-2.48-13.el6.i686.rpm dnsmasq-debuginfo-2.48-13.el6.i686.rpm x86_64: dnsmasq-2.48-13.el6.x86_64.rpm dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm i386: dnsmasq-debuginfo-2.48-13.el6.i686.rpm dnsmasq-utils-2.48-13.el6.i686.rpm x86_64: dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm dnsmasq-utils-2.48-13.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm x86_64: dnsmasq-2.48-13.el6.x86_64.rpm dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm x86_64: dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm dnsmasq-utils-2.48-13.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm i386: dnsmasq-2.48-13.el6.i686.rpm dnsmasq-debuginfo-2.48-13.el6.i686.rpm ppc64: dnsmasq-2.48-13.el6.ppc64.rpm dnsmasq-debuginfo-2.48-13.el6.ppc64.rpm s390x: dnsmasq-2.48-13.el6.s390x.rpm dnsmasq-debuginfo-2.48-13.el6.s390x.rpm x86_64: dnsmasq-2.48-13.el6.x86_64.rpm dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm i386: dnsmasq-debuginfo-2.48-13.el6.i686.rpm dnsmasq-utils-2.48-13.el6.i686.rpm ppc64: dnsmasq-debuginfo-2.48-13.el6.ppc64.rpm dnsmasq-utils-2.48-13.el6.ppc64.rpm s390x: dnsmasq-debuginfo-2.48-13.el6.s390x.rpm dnsmasq-utils-2.48-13.el6.s390x.rpm x86_64: dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm dnsmasq-utils-2.48-13.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm i386: dnsmasq-2.48-13.el6.i686.rpm dnsmasq-debuginfo-2.48-13.el6.i686.rpm x86_64: dnsmasq-2.48-13.el6.x86_64.rpm dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm i386: dnsmasq-debuginfo-2.48-13.el6.i686.rpm dnsmasq-utils-2.48-13.el6.i686.rpm x86_64: dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm dnsmasq-utils-2.48-13.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3411.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2013-0276.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJbynXlSAg2UNWIIRAvO7AKC9DX720FbYDvxil9RlNiiZHmN2TQCglV5s c8EDGXAb588QM/PyzO8J+9A= =GXp0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - x86_64 3. Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. This update includes the changes necessary to call dnsmasq with a new command line option, which was introduced to dnsmasq via RHSA-2013:0277. Space precludes documenting all of these changes in this advisory. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect. Bugs fixed (http://bugzilla.redhat.com/): 695394 - default migration speed is too low for guests with heavy IO 713922 - virsh man page refers to unspecified "documentation" 724893 - RFE: better message when start the guest which CPU comprises flags that host doesn't support 770285 - cpu-compare fails inside virtualized hosts 770795 - blkioParameters doesn't work 770830 - --config doesn't work correctly for blkiotune option --device-weight 771424 - RFE: Resident Set Size (RSS) limits on qemu guests 772290 - RFE: Configurable VNC start port or ability to exclude use of specific ports 787906 - [python binding] migrateGetMaxSpeed did not work right with parameters 789327 - [RFE] Resume VM from s3 as a response for monitor/keyboard/mouse action 798467 - libvirt doesn't validate a manually specified MAC address for a KVM guest 799986 - libvirtd should explicitly check for existance of configured sanlock directory before trying to register lockspace 801772 - RFE: Use scsi-hd, scsi-cd instead of scsi-disk 803577 - virsh attach-disk should detect disk source file type when sourcetype is not specified 804601 - Controllers do not support virsh attach/detach-device --persistent 805071 - RFE : Dynamically change the host network/bridge that is attached to a vNIC 805243 - [RFE] add some mechanism to pre-populate credentials for libvirt connections 805361 - RFE: privnet should work well with lxc 807545 - the programming continue to run when executing virsh snapshot-list with --roots and --from mutually exclusive options 807907 - Tunnelled migration sometimes report error when do scalability test 807996 - libvirtd may hang during tunneled migration 810799 - virsh list and "--managed-save " flag can't list the domains with managed save state 813191 - virt-xml-validate fail for pool, nodedev and capabilities 813735 - Non detection of qemu TCG mode support within a RHEL VM 813819 - Unable to disable sending keep-alive messages 815644 - There is no executable permission on default pool. 816448 - inaccurate display for status of stopped libvirt-guests service 816503 - [RFE] Ability to configure sound pass-through to appear as MIC as opposed to line-in 816609 - [libvirt] python bindings have inconsistent handling of float->int conversion 817219 - Don't allow to define multiple pools with the same target 817239 - dominfo outputs incorrectly for memory unit 817244 - Issues about virsh -h usage 818467 - Improve libvirt debug capability 818996 - [rfe] allow to disable usb & vga altogether 819401 - [LXC] virsh dominfo can't get a correct VCPU number 820173 - Libvirtd fails to initialize sanlock driver 821665 - unclear error message: qemu should report 'lsi' is not supported 822068 - libvirtd will crash when hotplug attah-disk to guest 822340 - There are some typos when virsh connect source guest server with ssh PermitRootLogin disabled 822373 - libvirtd will crash when tight loop of hotplug/unplug PCI device to guest without managed=yes 823362 - vol-create-as should fail when allocate a malformed size image 823765 - libvirt should raise an error when set network with special/invalid MAC address 823850 - find-storage-pool-sources/ find-storage-pool-sources-as can't return XML describing of netfs/iscsi pool 823857 - guest can't start with unable to set security context error if guests are unconfined 824253 - manpage: document limitations on identifying domains with numeric names 825068 - Start a guest with assigned usb device which is used by another guest will reset the label 825108 - unexpected result from virt-pki-validate 825600 - spice client could not disconnect after update graphics with connected='disconnect' 825699 - Can't start pool with uuid and other commands with uuid issue 825820 - Libvirt is missing important hooks 827234 - potential to deadlock libvirt on EPIPE 827380 - Minimum value for nodesuspend time duration need be given in virsh manual or help 827519 - "Unable to determine device index for network device" when attaching new network device to a guest that already has a netdev of type='hostdev' 828023 - [libvirt] Setting numa parameters causes guest xml error 828640 - valgrind defects some use-after-free errors - virsh console 828676 - virt-xml-validate validate fails when xml contains kernel/initrd/cmdline elements 828729 - CPU topology parsing bug on special NUMA platform 829107 - valgrind defects some use-after-free errors - virsh change-media 829246 - virsh detach-disk will be failed with special image name 829562 - virsh attach-disk --cache does not work 830051 - [Doc] virsh doc has error/omission on device commands and nodedev commands 830057 - man doc of vol-create-as format is lack of qed and vmdk 831044 - #libvirtd error messages should be fixed 831049 - Update libvirtd manpage to describe how --timeout works & its usage limitations 831099 - add the ability to set a wwn for SCSI disks 831149 - virt-manager causes iowait, due to rewriting XML files repeatable 832004 - vncdisplay can't output default ip address for the vnc display 832081 - Fix keepalive issues in libvirt 832156 - RFE: Support customizable actions when sanlock leases are lost 832302 - libvirt shouldn't delete an existing unregistered volume in vol-create 832309 - [Doc]Problems about manual and help of virsh desc command 832329 - [Doc]Problems about help of virsh domiftune command 832372 - [Doc]Problems about manual and help of virsh dompmsuspend command 833327 - [Doc]The abbreviation of domain name-id-uuid arguments are inconsistent in manual 833674 - Deactivate memory balloon with type of none get wrong error info 834365 - Improve error message when trying to change VM's processor count to 0 834927 - virConnectDomainEventRegisterAny won't register the same callback for the same event but for different domains 835782 - when create the netfs pool, virsh pool-create-as do not remount the target dir which is mounted for another device firstly. 836135 - spice migration: prevent race with libvirt 837466 - virsh report error when quit virsh connection 837470 - libvirtd crash when virsh find-storage-pool-sources 837485 - can not start vdsmd service after update the libvirt packages 837542 - [regression]can't undefine guest after guest saved. 837544 - snapshot-list return core dumped 837761 - [Doc] Inaccurate description about force option in change-media help 837884 - per-machine-type CPU models for safe migration 839537 - Error occurs when given hard_limit in memtune more than current swap_hard_limit 839557 - [Doc]Need to explain in manual that the output memory of memtune command may be rounded 839661 - libvirt: support QMP event for S4 839930 - There is no message if debug level number is out of scope when run a virsh command with -d option 842208 - "Segmentation fault" when use virsh command with vdsm installed 842272 - include-passwd option can't worked when using domdisplay. 842557 - libvirt doesn't check ABI compatibility of watchdog and channel fully 842966 - [snapshot] snapshot-info report unknow procedure error even snapshot-info works well 842979 - [Regression] lxc domain fail to start due to not exist cgroup dir 843324 - snapshot-edit will report error message but return 0 when do not update xml 843372 - disk-only snapshot create external file even if snapshot command failed 843560 - Add live migration support for USB 843716 - The libvirtd deamon was killed abnormally when i destroy a domain which was in creating process 844266 - Fail to modify the domain xml with saved file 844408 - after failed hotplug qemu keeps the file descriptor open 845448 - [blockcopy]sometimes Ctrl+C can't terminate blockcopy when use --wait with other options 845460 - exit console will crash libvirtd 845468 - snapshot-list --descendants --from will core dumped 845521 - Plug memory leak after escaping sequence for console 845523 - Use after free when escaping sequence for console 845635 - Return a specific error when qemu-ga is missing or unusable during a live snapshot (quiesce) 845893 - Double close of FD when failing to connect to a remote hypervisor 845958 - libvirt domain event handler can not catch domain pmsuspend and get error when pmwakeup 845966 - libvirt pmsuspend to disk will crash libvirtd 845968 - numatune command can't handle nodeset with '^' for excluding a node 846265 - virsh blkdeviotune fail 846629 - Failed to run cpu-stats when cpuacct.usage_percpu is too large 846639 - Should forbid suspend&resume operate when guest in pmsuspend status. 848648 - [Doc] Add annotation about how to enable stack traces in log messages 851391 - Throw out "DBus support" error in libvirtd.log when restart libvirtd 851395 - xml parse error occur after upgrade to the newest package 851397 - can not start guest in rhevm 851423 - virsh segmentation fault when using find-storage-pool-sources 851452 - unexpected result of virsh save when stop libvirtd 851491 - Libvirtd crash when set "security_default_confined = 0" in qemu.conf 851959 - cpuset can be set in two places. 851963 - Guest will be undefined if remove channel content 851981 - The migration with macvtap network was denied by the target when i set "setenforce 1" in the target 852260 - AFFECT_CURRENT flag does not work well in set_scheduler_parameters when domain is shutoff 852383 - libvirtd dead when start a domain with openvswitch interface 852592 - libvirtd will be crashed when run vcpupin more than once 852668 - libvirt got security label parse error with xml 852675 - [Graphical framebuffer] update device with connected parameter "fail", guest's xml changed 852984 - virsh start command will be hung with openvswitch network interface 853002 - [qemu-ga]shutdown guest by qemu-guest-agent will successful but report error 853043 - guest can't start with unable to set security context error if guests are unconfined 853342 - [doc]There are some typos in CPU Tuning part of the formatdomain.html 853567 - Request for taking fix for PF shutdown in 802.1Qbh 853821 - virsh reboot with 'agent' shutdown mode will hang 853925 - [configuration][doc] set security_driver in qemu.conf 853930 - It is failed to start guest when the number of vcpu is different between <vcpu> and <cputune/> 854133 - libvirt should check the range of emulator_period and emulator_quota when set them with --config 854135 - The libvirt domain event handler can't catch the disconnecting information when disconnected the guest 855218 - Problems on CPU tuning 855237 - [libvirt] Add a new boot parameter to set the delay time before rebooting 855783 - improve error message for secret-get-value 856247 - full RHEL 6.4 block-copy support 856489 - Modify target type of channel element from 'virtio' to 'guestfwd' will cause libvirtd crash 856528 - List option --state-shutoff should filter guest properly 856864 - Do live migration from rhel6.1.z release version to rhel6.4 newest version and back will get "error Unknown controller type 'usb'" 856950 - Deadlock on libvirt when playing with hotplug and add/remove vm 856951 - The value of label is wrong with static dac model in xml 857013 - Failed to run cpu-stats after vcpu hotplug 857341 - fail to start lxc domain 857367 - destroy default virtual network throw error in libvirtd.log 858204 - The libvirt augeas lens can't parse a libvirtd.conf file where host_uuid is present 859320 - libvirt auth.conf make virsh cmd Segmentation fault (core dumped) 859331 - Create new guest fail with usermode 859712 - [libvirt] Deadlock in libvirt after storage is blocked 860519 - security: support for names on DAC labels 860907 - It reported an error when checked the schedinfo of the lxc guest 860971 - There should be a comma between "kvmclock" and "kvm_pv_eoi" in qemu-kvm cmd generated by libvirt 861564 - fail to start lxc os container 863059 - Unable to migrate guest: internal error missing hostuuid element in migration data 863115 - libvirt calls 'qemu-kvm -help' too often 864097 - Cannot start domains with custom CPU model 864122 - virtualport parameter profileid in a <network> or <portgroup> causes failure to initialize guest interface 864336 - [LXC] destroy domain will hang after restart libvirtd 864384 - virsh list get error msg when connect ESXi5.0 server 865670 - Warning messages "Found untested VI API major/minor version 5.1" show when connect to esx5.1 server 866288 - libvirtd crashes when both <boot dev='...'/> and <boot order='...'/> are used in one domain XML 866364 - libvirtd crash when edit a net with some operation 866369 - libvirt: terminating vm on signal 15 when hibernate fails on ENOSPACE 866388 - libvirt: no event is sent to vdsm in case vm is terminated on signal 15 after hibernate failure 866508 - Fail to import libvirt python module due to 'undefined symbol: libssh2_agent_free' 866524 - use-after-free on virsh node-memory-tune 866999 - CPU topology is missing in capabilities XML when libvirt fails to detect host CPU model 867246 - [LXC] A running guest will be stopped after restarting libvirtd service 867372 - Can not change affinity of domain process with "cpuset "of <vcpu> element. 867412 - libvirt fails to clear async job when p2p migration fails early 867724 - Libvirt sometimes fails to wait on spice to migrate 867764 - default machine type is detected incorrectly 868389 - virsh net-update to do a live add of a static host to a network that previously had no static hosts, reports success, but doesn't take effect until network is restarted. 868483 - multiple default portgroups erroneously allowed in network definitions 868692 - Libvirt: Double dash in VM causes it to disappear - bad parsing of XML 869096 - Vcpuinfo don't return numa's CPU Affinity properly on mutiple numa node's machine 869100 - poor error message for virsh snapshot-list --roots --current 869508 - the option --flags of virsh nodesuspend command should be removed 869557 - Can't add more than 256 logical networks 870099 - virsh emulatorpin still can work when vcpu placement is "auto". 870273 - coding errors in virsh man page 871055 - libvirt should support both upstream and RHEL drive-mirror 871201 - If libvirt is restarted after updating dnsmasq or radvd packages, a subsequent "virsh net-destroy" will fail to kill the dnsmasq/radvd processes 871312 - emulatorpin affinity isn't the same as Cpus_allowed_list of emulator ' thread when cpuset is specified 872104 - wrong description of net-update option(config, live and current) 872656 - virNodeGetMemoryParameters is broken on older kernels 873134 - setting current memory equal to max will end with domain start as current > max 873537 - virsh save will crash libvirtd sometimes 873538 - [Regression] Define domain failed in ESX5.1 873792 - libvirt: cancel migration is sent but migration continues 873934 - Failed to run Coverity on libvirt RHEL source rpm 874050 - virsh nodeinfo can't get the right info on AMD Bulldozer cpu 874171 - virsh should make external checkpoint creation easy 874330 - First autostarted guest has always id 1 874549 - libvirt_lxc segfaults when staring lxc through openstack 874702 - CVE-2012-3411 libvirt needs to use new dnsmasq option to avoid open DNS proxy 874860 - libvirt fails to start if storage pool contains image with missing backing file 876415 - virDomainGetVcpuPinInfo might fail to show right CPU affinity setting 876816 - libvirt should allow disk-only (external) snapshots of offline VMs 876817 - virsh should make it easier to filter snapshots by type 876828 - the qcow2 disk's major:minor number still exists in guest's devices.list after hot-unplug 876868 - virsh save guest with an no-exist xml should show error msg 877095 - libvirt doesn't clean up open files for device assignment 877303 - virsh snapshot-edit prints garbage with wrong parameters 878376 - Coverity scan founds some resource leaks and USE_AFTER_FREE 878400 - virsh pool-destroy should fail with error info when pool is in using 878779 - domdisplay with --include-password can't display VNC passwor 878862 - NULL pointer usage when starting guest with broken image chain 879130 - there is not error message when create external checkpoint with --memspec= (NULL) 879132 - create external checkpoint sometimes will crash libvirtd 879360 - Libvirt leaks libvirt_lxc processes on container shutdown 879473 - net-update may cause libvirtd crash when modify portgroup 879780 - vol-clone failed to clone LVM volumes 880064 - [LXC] libvirt_lxc segfaults when staring lxc guest 880919 - Libvirtd crashed while saving the guest to a nonexistent directory 881480 - virDomainUpdateDeviceFlags fails when interface type is 'network' 882915 - virsh doesn't report error if updated data argument for command "schedinfo" is invalid 883832 - Cannot start VMs after upgrade from 6.3 to libvirt-0.10.2-10 884650 - Add support for qemu-kvm's BALLOON_CHANGE event to avoid using monitor in virDomainGetXMLDesc 885081 - Invalid job handling while restarting CPUs when creating external snapshot 885727 - Libvirt won't parse dnsmasq capabilities when debug logs are enabled 885838 - improper errors logged when changing the bridge device used by a domain <interface type='bridge'> 886821 - libvirt-launched dnsmasq listens on localhost when it shouldn't 886933 - High disk usage when both libvirt and virt-manager are opened 887187 - [Doc] There are some typos in libvirt manual and formatdomain.html 888426 - block-copy pivot fails complaining that job is not active 889319 - support for IFLA_EXT_MASK and RTEXT_FILTER_VF needs to be added to lib 889407 - snapshot --redefine disk snapshot may cause libvirtd crash 891653 - Cgroups memory limit are causing the virt to be terminated unexpectedly 894085 - libvirt: vm pauses after live storage migration 896403 - delete snapshot which name contain '/' lead to libvirtd crash 6

Trust: 2.34

sources: NVD: CVE-2012-3411 // JVNDB: JVNDB-2013-001750 // BID: 54353 // PACKETSTORM: 120587 // PACKETSTORM: 121148 // PACKETSTORM: 127218 // PACKETSTORM: 120459 // PACKETSTORM: 120454

AFFECTED PRODUCTS

vendor:thekelleysmodel:dnsmasqscope:lteversion:2.62

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:thekelleysmodel:dnsmasqscope:ltversion:2.63test1

Trust: 0.8

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.62

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.57

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.59

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.56

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.54

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.55

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.60

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.61

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.58

Trust: 0.6

vendor:thekelleysmodel:dnsmasqscope:eqversion: -

Trust: 0.6

vendor:redmodel:hat enterprise virtualization hypervisor for rhelscope:eqversion:60

Trust: 0.3

vendor:redmodel:hat enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.29

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.22

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.21

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.20

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.19

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.18

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.17

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.16

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.15

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.14

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.13

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.12

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.11

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.50

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.49

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.48

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.47

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.46

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.45

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.44

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.43

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.42

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.41

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.40

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.35

Trust: 0.3

vendor:dnsmasqmodel:dnsmasqscope:eqversion:2.30

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

sources: BID: 54353 // JVNDB: JVNDB-2013-001750 // CNNVD: CNNVD-201207-080 // NVD: CVE-2012-3411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3411
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3411
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201207-080
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2012-3411
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-001750 // CNNVD: CNNVD-201207-080 // NVD: CVE-2012-3411

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2012-3411

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 120459 // PACKETSTORM: 120454 // CNNVD: CNNVD-201207-080

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201207-080

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001750

PATCH

title:#683372url:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372

Trust: 0.8

title:Bug 833033url:https://bugzilla.redhat.com/show_bug.cgi?id=833033

Trust: 0.8

title:RHSA-2013:0276url:http://rhn.redhat.com/errata/RHSA-2013-0276.html

Trust: 0.8

title:RHSA-2013:0277url:http://rhn.redhat.com/errata/RHSA-2013-0277.html

Trust: 0.8

title:Don't elide code needed for --bind-dynamic if compiled without IPv6.url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2f38141f434e23292f84cefc33e8de76fb856147

Trust: 0.8

title:Add --bind-dynamic v2.63test1url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=54dd393f3938fc0c19088fbd319b95e37d81a2b0

Trust: 0.8

title:CHANGELOGurl:http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Trust: 0.8

title:dnsmasq-2.66test2url:http://123.124.177.30/web/xxk/bdxqById.tag?id=45660

Trust: 0.6

sources: JVNDB: JVNDB-2013-001750 // CNNVD: CNNVD-201207-080

EXTERNAL IDS

db:NVDid:CVE-2012-3411

Trust: 3.2

db:BIDid:54353

Trust: 1.9

db:OPENWALLid:OSS-SECURITY/2012/07/12/5

Trust: 1.6

db:JVNDBid:JVNDB-2013-001750

Trust: 0.8

db:CNNVDid:CNNVD-201207-080

Trust: 0.6

db:PACKETSTORMid:120587

Trust: 0.1

db:PACKETSTORMid:121148

Trust: 0.1

db:PACKETSTORMid:127218

Trust: 0.1

db:PACKETSTORMid:120459

Trust: 0.1

db:PACKETSTORMid:120454

Trust: 0.1

sources: BID: 54353 // JVNDB: JVNDB-2013-001750 // PACKETSTORM: 120587 // PACKETSTORM: 121148 // PACKETSTORM: 127218 // PACKETSTORM: 120459 // PACKETSTORM: 120454 // CNNVD: CNNVD-201207-080 // NVD: CVE-2012-3411

REFERENCES

url:http://rhn.redhat.com/errata/rhsa-2013-0276.html

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2013-0579.html

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2013-0277.html

Trust: 1.7

url:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372

Trust: 1.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=833033

Trust: 1.6

url:http://www.thekelleys.org.uk/dnsmasq/changelog

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2012/07/12/5

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2013:072

Trust: 1.6

url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commitdiff%3bh=2f38141f434e23292f84cefc33e8de76fb856147

Trust: 1.6

url:http://www.securityfocus.com/bid/54353

Trust: 1.6

url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commitdiff%3bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3411

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3411

Trust: 0.8

url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2f38141f434e23292f84cefc33e8de76fb856147

Trust: 0.6

url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=54dd393f3938fc0c19088fbd319b95e37d81a2b0

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-3411

Trust: 0.5

url:http://www.thekelleys.org.uk/dnsmasq/doc.html

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2012-3411.html

Trust: 0.3

url:https://access.redhat.com/security/team/key/#package

Trust: 0.3

url:http://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0198

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0311

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0311.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4542

Trust: 0.1

url:https://access.redhat.com/knowledge/docs/en-us/red_hat_enterprise_linux/6/html/hypervisor_deployment_guide/chap-deployment_guide-upgrading_red_hat_enterprise_virtualization_hypervisors.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhba-2013-0556.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4542.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:https://wiki.mageia.org/en/support/advisories/mgasa-2013-0030

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:https://wiki.mageia.org/en/support/advisories/mgasa-2012-0273

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0198

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3411

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0198

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201406-24.xml

Trust: 0.1

url:https://access.redhat.com/knowledge/docs/en-us/red_hat_enterprise_linux/6/html/6.4_technical_notes/libvirt.html

Trust: 0.1

sources: BID: 54353 // JVNDB: JVNDB-2013-001750 // PACKETSTORM: 120587 // PACKETSTORM: 121148 // PACKETSTORM: 127218 // PACKETSTORM: 120459 // PACKETSTORM: 120454 // CNNVD: CNNVD-201207-080 // NVD: CVE-2012-3411

CREDITS

David Woodhouse

Trust: 0.9

sources: BID: 54353 // CNNVD: CNNVD-201207-080

SOURCES

db:BIDid:54353
db:JVNDBid:JVNDB-2013-001750
db:PACKETSTORMid:120587
db:PACKETSTORMid:121148
db:PACKETSTORMid:127218
db:PACKETSTORMid:120459
db:PACKETSTORMid:120454
db:CNNVDid:CNNVD-201207-080
db:NVDid:CVE-2012-3411

LAST UPDATE DATE

2024-11-23T19:49:24.541000+00:00


SOURCES UPDATE DATE

db:BIDid:54353date:2015-04-16T17:43:00
db:JVNDBid:JVNDB-2013-001750date:2013-03-07T00:00:00
db:CNNVDid:CNNVD-201207-080date:2023-02-13T00:00:00
db:NVDid:CVE-2012-3411date:2024-11-21T01:40:49.047

SOURCES RELEASE DATE

db:BIDid:54353date:2012-07-09T00:00:00
db:JVNDBid:JVNDB-2013-001750date:2013-03-07T00:00:00
db:PACKETSTORMid:120587date:2013-03-01T01:18:37
db:PACKETSTORMid:121148date:2013-04-08T21:29:19
db:PACKETSTORMid:127218date:2014-06-25T22:49:52
db:PACKETSTORMid:120459date:2013-02-21T16:31:24
db:PACKETSTORMid:120454date:2013-02-21T16:30:33
db:CNNVDid:CNNVD-201207-080date:2012-07-11T00:00:00
db:NVDid:CVE-2012-3411date:2013-03-05T21:38:54.753