Vulnerability Name: CVE-2012-4423 (CCN-78658)

Assigned: 2012-07-24
Published: 2012-07-24
Updated: 2023-02-13
Summary: The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
3.3 Low (REDHAT CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P)
2.9 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Adjacent_Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2012-4423

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2012-1359
Moderate: libvirt security and bug fix update

Source: CCN
Type: BID-55541
libvirt 'virNetServerProgramDispatchCall()' Function Remote Denial Of Service Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 857133
CVE-2012-4423 libvirt: null function pointer invocation in virNetServerProgramDispatchCall()

Source: XF
Type: UNKNOWN
libvirt-vnspdc-dos(78658)

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:libvirt:libvirt:0.2.0:*:*:*:*:*:*:*
  AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20124423 | V | CVE-2012-4423 | 2022-05-20
oval:org.opensuse.security:def:42386 | P | Security update for ucode-intel (Moderate) | 2022-05-18
oval:org.opensuse.security:def:31756 | P | Security update for apache2 (Important) | 2022-01-12
oval:org.opensuse.security:def:31705 | P | Security update for postgresql, postgresql13, postgresql14 (Important) | 2021-11-20
oval:org.opensuse.security:def:32222 | P | Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:26159 | P | Security update for systemd (Moderate) | 2021-11-04
oval:org.opensuse.security:def:31694 | P | Security update for util-linux (Moderate) | 2021-10-19
oval:org.opensuse.security:def:31693 | P | Security update for MozillaFirefox (Important) | 2021-10-15
oval:org.opensuse.security:def:26124 | P | Security update for openssl-1_1 (Low) | 2021-09-09
oval:org.opensuse.security:def:26118 | P | Security update for php72 (Important) | 2021-09-02
oval:org.opensuse.security:def:26106 | P | Security update for libmspack (Moderate) | 2021-08-17
oval:org.opensuse.security:def:31664 | P | Security update for cpio (Important) | 2021-08-14
oval:org.opensuse.security:def:32161 | P | Security update for cpio (Important) | 2021-08-14
oval:org.opensuse.security:def:32147 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:32943 | P | Security update for caribou (Important) | 2021-06-10
oval:org.opensuse.security:def:32112 | P | Security update for libX11 (Important) | 2021-06-08
oval:org.opensuse.security:def:42634 | P | libvirt-1.2.5-3.76 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36227 | P | libvirt-1.2.5-3.76 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36499 | P | libvirt-devel-1.2.5-3.76 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:26060 | P | Security update for postgresql13 (Moderate) | 2021-05-27
oval:org.opensuse.security:def:26049 | P | Security update for lz4 (Important) | 2021-05-14
oval:org.opensuse.security:def:26048 | P | Security update for the Linux Kernel (Important) | 2021-05-13
oval:org.opensuse.security:def:32904 | P | Security update for MozillaFirefox (Important) | 2021-04-27
oval:org.opensuse.security:def:32060 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important) | 2021-04-07
oval:org.opensuse.security:def:26208 | P | Security update for git (Important) | 2021-03-09
oval:org.opensuse.security:def:32266 | P | Security update for python-cryptography (Important) | 2021-03-02
oval:org.opensuse.security:def:26202 | P | Security update for MozillaFirefox (Important) | 2021-03-01
oval:org.opensuse.security:def:32200 | P | Security update for python3 (Important) | 2021-02-08
oval:org.opensuse.security:def:26061 | P | Security update for dovecot22 (Important) | 2021-01-04
oval:org.opensuse.security:def:25980 | P | Security update for MozillaFirefox (Critical) | 2020-12-21
oval:org.opensuse.security:def:32003 | P | Security update for python-cryptography (Moderate) | 2020-12-04
oval:org.opensuse.security:def:35979 | P | libvirt-1.0.5.1-0.7.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:25605 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26678 | P | coolkey on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33190 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31447 | P | Security update for postgresql94 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27462 | P | libmusicbrainz-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25776 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:31813 | P | Security update for apache2-mod_jk (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26305 | P | Security update for python-setuptools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31779 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26455 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:32303 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27225 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25530 | P | Security update for virglrenderer (Important) | 2020-12-01
oval:org.opensuse.security:def:26474 | P | Security update for znc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32513 | P | freetype2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25871 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26780 | P | lvm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26247 | P | Security update for bluez (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25852 | P | Security update for flash-playerqemu (Important) | 2020-12-01
oval:org.opensuse.security:def:26353 | P | Security update for tor (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26552 | P | g3utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26333 | P | Security update for redis (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32447 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:25733 | P | Security update for mgetty (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26727 | P | kdenetwork4-filesharing on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31458 | P | Security update for postgresql91 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27497 | P | libvirt-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25777 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:31900 | P | Security update for Mozilla Firefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26943 | P | libcap-progs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31911 | P | Security update for gcc43 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26494 | P | Security update for pdns-recursor (Important) | 2020-12-01
oval:org.opensuse.security:def:32359 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25541 | P | Security update for java-1_8_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:26625 | P | pam_ldap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33151 | P | libgcrypt11 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31446 | P | Security update for popt | 2020-12-01
oval:org.opensuse.security:def:25955 | P | Security update for gstreamer-0_10-plugins-bad (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26824 | P | sudo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26261 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26406 | P | Security update for mbedtls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27190 | P | libicu-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25529 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26390 | P | Security update for ark (Low) | 2020-12-01
oval:org.opensuse.security:def:32469 | P | Security update for xorg-x11-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25814 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:26766 | P | libsamplerate on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31532 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25788 | P | Security update for zeromq (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32056 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:26978 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26508 | P | Security update for phpMyAdmin (Important) | 2020-12-01
oval:org.opensuse.security:def:26252 | P | Security update for mariadb-100 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32408 | P | Security update for wget (Moderate) | 2020-12-01
oval:org.mitre.oval:def:18188 | P | USN-1708-1 -- libvirt vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:23737 | P | ELSA-2012:1359: libvirt security and bug fix update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:21298 | P | RHSA-2012:1359: libvirt security and bug fix update (Moderate) | 2014-02-24
oval:com.ubuntu.precise:def:20124423000 | V | CVE-2012-4423 on Ubuntu 12.04 LTS (precise) - low. | 2012-11-19
oval:com.redhat.rhsa:def:20121359 | P | RHSA-2012:1359: libvirt security and bug fix update (Moderate) | 2012-10-11
    libvirt libvirt 0.2.0
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6