CVE-2009-0036
CVE-2009-0036
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/8534unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28http://openwall.com/lists/oss-security/2009/02/10/8https://bugzilla.redhat.com/show_bug.cgi?id=484947http://secunia.com/advisories/34397https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127https://www.redhat.com/archives/libvir-list/2009-January/msg00699.htmlhttps://www.redhat.com/archives/libvir-list/2009-January/msg00726.htmlhttps://www.redhat.com/archives/libvir-list/2009-January/msg00728.htmlhttp://www.redhat.com/support/errata/RHSA-2009-0382.htmlhttp://www.securityfocus.com/bid/33724