Details of VAR-201310-0433

ID

VAR-201310-0433

CVE

CVE-2013-4370

TITLE

Xen 'xc_vcpu_getaffinity()' function heap memory corruption vulnerability

Trust: 0.9

sources: CNVD: CNVD-2013-13720 // BID: 62930

DESCRIPTION

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free. Xen is an open source virtual machine monitor developed by the University of Cambridge. Xen's ocaml xc_vcpu_getaffinity has a re-use vulnerability after release. An attacker could exploit this vulnerability to cause heap corruption and denial of service. Xen is prone to a heap-memory-corruption vulnerability. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed attacks may cause a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Xen: Multiple Vunlerabilities Date: July 16, 2014 Bugs: #440768, #484478, #486354, #497082, #497084, #497086, #499054, #499124, #500528, #500530, #500536, #501080, #501906, #505714, #509054, #513824 ID: 201407-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulations/xen < 4.3.2-r4 >= 4.3.2-r4 *>= 4.2.4-r4 2 app-emulations/xen-tools < 4.3.2-r5 >= 4.3.2-r5 *>= 4.2.4-r6 3 app-emulations/xen-pvgrub < 4.3.2 *>= 4.3.2 *>= 4.2.4 ------------------------------------------------------------------- 3 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen 4.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2" All Xen 4.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2" All xen-tools 4.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.3.2-r2" All xen-tools 4.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.2.4-r2" All Xen PVGRUB 4.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.3.2" All Xen PVGRUB 4.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.2.4" References ========== [ 1 ] CVE-2013-1442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442 [ 2 ] CVE-2013-4329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329 [ 3 ] CVE-2013-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355 [ 4 ] CVE-2013-4356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356 [ 5 ] CVE-2013-4361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361 [ 6 ] CVE-2013-4368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368 [ 7 ] CVE-2013-4369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369 [ 8 ] CVE-2013-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370 [ 9 ] CVE-2013-4371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371 [ 10 ] CVE-2013-4375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375 [ 11 ] CVE-2013-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416 [ 12 ] CVE-2013-4494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494 [ 13 ] CVE-2013-4551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551 [ 14 ] CVE-2013-4553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553 [ 15 ] CVE-2013-4554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554 [ 16 ] CVE-2013-6375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375 [ 17 ] CVE-2013-6400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400 [ 18 ] CVE-2013-6885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885 [ 19 ] CVE-2013-6885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885 [ 20 ] CVE-2014-1642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642 [ 21 ] CVE-2014-1666 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666 [ 22 ] CVE-2014-1891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891 [ 23 ] CVE-2014-1892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892 [ 24 ] CVE-2014-1893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893 [ 25 ] CVE-2014-1894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894 [ 26 ] CVE-2014-1895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895 [ 27 ] CVE-2014-1896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896 [ 28 ] CVE-2014-2599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599 [ 29 ] CVE-2014-3124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124 [ 30 ] CVE-2014-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201407-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.52

sources: NVD: CVE-2013-4370 // JVNDB: JVNDB-2013-004801 // CNVD: CNVD-2013-13720 // BID: 62930 // PACKETSTORM: 127477

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13720

AFFECTED PRODUCTS

vendor:	xen	model:	xen	scope:	eq	version:	4.3.0	Trust: 1.6
vendor:	xen	model:	xen	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	xen	model:	xen	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	xen	model:	xen	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	xen	model:	xen	scope:	eq	version:	4.2.0	Trust: 1.6
vendor:	xen	model:	xen	scope:	eq	version:	4.2.x	Trust: 0.8
vendor:	xen	model:	xen	scope:	eq	version:	4.3.x	Trust: 0.8
vendor:	xensource	model:	xen	scope:	eq	version:	4.2	Trust: 0.6
vendor:	xen	model:	xen	scope:	eq	version:	4.3	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	citrix	model:	xenclient xt	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	citrix	model:	xenclient xt	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	citrix	model:	xenclient xt	scope:	eq	version:	3.0.0	Trust: 0.3
vendor:	centos	model:	xen4centos	scope:	eq	version:	0	Trust: 0.3
vendor:	citrix	model:	xenclient xt	scope:	ne	version:	3.2	Trust: 0.3

sources: CNVD: CNVD-2013-13720 // BID: 62930 // JVNDB: JVNDB-2013-004801 // CNNVD: CNNVD-201310-458 // NVD: CVE-2013-4370

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4370
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-4370
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-13720
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-458
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-4370
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13720
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-13720 // JVNDB: JVNDB-2013-004801 // CNNVD: CNNVD-201310-458 // NVD: CVE-2013-4370

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2013-004801 // NVD: CVE-2013-4370

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201310-458

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201310-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004801

PATCH

title:	Top Page	url:	http://www.xen.org/	Trust: 0.8
title:	Xen 'xc_vcpu_getaffinity()' patch for function heap memory corruption vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/40195	Trust: 0.6

sources: CNVD: CNVD-2013-13720 // JVNDB: JVNDB-2013-004801

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4370	Trust: 3.4
db:	OPENWALL	id:	OSS-SECURITY/2013/10/10/13	Trust: 2.4
db:	BID	id:	62930	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-004801	Trust: 0.8
db:	CNVD	id:	CNVD-2013-13720	Trust: 0.6
db:	MLIST	id:	[OSS-SECURITY] 20131010 XEN SECURITY ADVISORY 69 (CVE-2013-4370) - MISPLACED FREE IN OCAML XC_VCPU_GETAFFINITY STUB	Trust: 0.6
db:	CNNVD	id:	CNNVD-201310-458	Trust: 0.6
db:	PACKETSTORM	id:	127477	Trust: 0.1

sources: CNVD: CNVD-2013-13720 // BID: 62930 // JVNDB: JVNDB-2013-004801 // PACKETSTORM: 127477 // CNNVD: CNNVD-201310-458 // NVD: CVE-2013-4370

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2013/10/10/13	Trust: 2.4
url:	http://seclists.org/oss-sec/2013/q4/att-61/xsa69.patch	Trust: 1.6
url:	http://security.gentoo.org/glsa/glsa-201407-03.xml	Trust: 1.1
url:	http://seclists.org/oss-sec/2013/q4/61	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4370	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4370	Trust: 0.8
url:	http://support.citrix.com/article/ctx139624	Trust: 0.3
url:	http://xen.xensource.com/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4356	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4494	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4021	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4370	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1442	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1892	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1894	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4370	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4361	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3124	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6375	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1666	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1894	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2599	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4416	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4361	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4369	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1666	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1892	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1895	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1895	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4371	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-6400	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4356	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4329	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4368	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4329	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1896	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4355	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1891	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4375	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4355	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1891	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6885	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1442	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4371	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4375	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4494	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-6885	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4554	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3124	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4368	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1642	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1896	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4369	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4551	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1642	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-6375	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-2599	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6400	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4416	Trust: 0.1

sources: CNVD: CNVD-2013-13720 // BID: 62930 // JVNDB: JVNDB-2013-004801 // PACKETSTORM: 127477 // CNNVD: CNNVD-201310-458 // NVD: CVE-2013-4370

CREDITS

Coverity Scan and Matthew Daley

Trust: 0.3

sources: BID: 62930

SOURCES

db:	CNVD	id:	CNVD-2013-13720
db:	BID	id:	62930
db:	JVNDB	id:	JVNDB-2013-004801
db:	PACKETSTORM	id:	127477
db:	CNNVD	id:	CNNVD-201310-458
db:	NVD	id:	CVE-2013-4370

LAST UPDATE DATE

2024-11-23T20:11:21.549000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13720	date:	2013-10-16T00:00:00
db:	BID	id:	62930	date:	2015-05-07T17:01:00
db:	JVNDB	id:	JVNDB-2013-004801	date:	2013-10-21T00:00:00
db:	CNNVD	id:	CNNVD-201310-458	date:	2013-10-22T00:00:00
db:	NVD	id:	CVE-2013-4370	date:	2024-11-21T01:55:26.480

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13720	date:	2013-10-15T00:00:00
db:	BID	id:	62930	date:	2013-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-004801	date:	2013-10-21T00:00:00
db:	PACKETSTORM	id:	127477	date:	2014-07-16T22:25:37
db:	CNNVD	id:	CNNVD-201310-458	date:	2013-10-21T00:00:00
db:	NVD	id:	CVE-2013-4370	date:	2013-10-17T23:55:04.533