Vulnerabilites related to Libvirt - libvirt
Vulnerability from fkie_nvd
Published
2010-08-19 18:00
Modified
2024-11-21 01:16
Severity ?
Summary
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libvirt | libvirt | 0.6.1 | |
| libvirt | libvirt | 0.6.2 | |
| libvirt | libvirt | 0.6.3 | |
| libvirt | libvirt | 0.6.4 | |
| libvirt | libvirt | 0.6.5 | |
| libvirt | libvirt | 0.7.0 | |
| libvirt | libvirt | 0.7.1 | |
| libvirt | libvirt | 0.7.2 | |
| libvirt | libvirt | 0.7.3 | |
| libvirt | libvirt | 0.7.4 | |
| libvirt | libvirt | 0.7.5 | |
| libvirt | libvirt | 0.7.6 | |
| libvirt | libvirt | 0.7.7 | |
| libvirt | libvirt | 0.8.0 | |
| libvirt | libvirt | 0.8.1 | |
| libvirt | libvirt | 0.8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9543A7ED-BCFE-4153-96CB-AA2625C12394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "45408F0A-6A45-4E2E-A790-3FE00EDFF470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D222C1F-65A4-4D04-8266-A77E7D06A0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16C34138-85A3-4FF9-8978-F4F80E8476B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE578174-7026-4D7A-8CC9-24A29136C32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35E44DBE-E780-4AC4-82E5-AB1A94EACBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AC4559-DFF0-45BA-8035-9BDF3BE44C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7F2E72-C436-46A4-A4B9-9F2B567FE8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EBC94-5CB9-4B5A-9CB3-C10DE191AE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05461C68-1BA6-4BA5-97F1-D56E0A62A37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6507C31-9F5F-488D-9D0D-C233CA1DED01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3199D614-94CD-4E12-9127-4459BB6A84FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2EE32A-68DF-4343-A5B1-6861324E592B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "330BFC7B-1971-42C3-BBB5-1498B112E8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39D87F93-98FE-414B-8D32-C9AB853A235D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B38AB6E8-DE2F-426C-A8E9-2572611AE5E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors."
},
{
"lang": "es",
"value": "Red Hat libvirt, posiblemente v0.6.1 hasta v0.8.2, busca almacenes de respaldo de discos sin hacer referencia al formato del disco definido por el usuario principal, lo que podr\u00eda permitir a usuarios invitados al SO leer ficheros de su elecci\u00f3n en el SO anfitri\u00f3n, y posiblemente tenga otro impacto sin especificar, a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-2237",
"lastModified": "2024-11-21T01:16:12.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-19T18:00:03.327",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://libvirt.org/news.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2763"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://libvirt.org/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607810"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-06 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "990B5B59-DBA0-4116-BB1F-2B1D739C9835",
"versionEndIncluding": "1.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5365060-478B-4A38-90F1-789BA17BA9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69B82AB5-F91E-450D-AFD9-2D8551B79E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB00C9A-ACBA-4552-B76A-66D604514FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9E7374-0781-434B-B844-21786CC7DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F128034B-6365-4566-8E83-D7AD479FFC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E3BC3A67-5922-45AE-B564-550EBCE01652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "26263705-26D6-416B-A88A-A99A1F888DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D578358-EF2E-46E2-B586-F0BB169BD9B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command."
},
{
"lang": "es",
"value": "La funci\u00f3n virDomainListPopulate en conf/domain_conf.c en libvirt anterior a 1.2.9 no limpia el bloqueo en la lista de dominios, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo mutuo) a trav\u00e9s de un valor nulo en el par\u00e1metro second en el comando de API virConnectListAllDomains."
}
],
"id": "CVE-2014-3657",
"lastModified": "2024-11-21T02:08:35.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-06T14:55:10.110",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60291"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/62303"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://security.libvirt.org/2014/0005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2404-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.libvirt.org/2014/0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2404-1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-06 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| libvirt | libvirt | * | |
| libvirt | libvirt | 1.2.0 | |
| libvirt | libvirt | 1.2.1 | |
| libvirt | libvirt | 1.2.2 | |
| libvirt | libvirt | 1.2.3 | |
| libvirt | libvirt | 1.2.4 | |
| libvirt | libvirt | 1.2.5 | |
| libvirt | libvirt | 1.2.6 | |
| libvirt | libvirt | 1.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*",
"matchCriteriaId": "823E02CA-A145-46C2-BC4C-16DECB060B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:lts:*:*:*:*:*",
"matchCriteriaId": "E685F933-7C10-49B6-9F4B-89478AF51761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "990B5B59-DBA0-4116-BB1F-2B1D739C9835",
"versionEndIncluding": "1.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5365060-478B-4A38-90F1-789BA17BA9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69B82AB5-F91E-450D-AFD9-2D8551B79E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB00C9A-ACBA-4552-B76A-66D604514FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9E7374-0781-434B-B844-21786CC7DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F128034B-6365-4566-8E83-D7AD479FFC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E3BC3A67-5922-45AE-B564-550EBCE01652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "26263705-26D6-416B-A88A-A99A1F888DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D578358-EF2E-46E2-B586-F0BB169BD9B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read."
},
{
"lang": "es",
"value": "La funci\u00f3n qemuDomainGetBlockIoTune en qemu/qemu_driver.c en libvirt anterior a 1.2.9, cuando un disco ha sido conectado en caliente o eliminado de la imagen en vivo, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o leer informaci\u00f3n sensible de la memoria din\u00e1mica a trav\u00e9s de una consulta blkiotune manipulada, lo que provoca una lectura fuera de rango."
}
],
"id": "CVE-2014-3633",
"lastModified": "2024-11-21T02:08:32.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-06T14:55:10.017",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60291"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60895"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://security.libvirt.org/2014/0004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-3038"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2366-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.libvirt.org/2014/0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2366-1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-20 21:29
Modified
2024-11-21 02:32
Severity ?
Summary
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56982B28-2D29-4662-9EF1-1559E4A220AF",
"versionEndExcluding": "2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing."
},
{
"lang": "es",
"value": "libvirt en versiones anteriores a la 2.2 incluye las credenciales de Ceph en la l\u00ednea de comandos qemu cuando se utiliza RADOS Block Device (tambi\u00e9n conocido como RBD), lo que permite a los usuarios locales obtener informaci\u00f3n sensible mediante un listado de procesos."
}
],
"id": "CVE-2015-5160",
"lastModified": "2024-11-21T02:32:28.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-20T21:29:00.277",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ossn/+bug/1686743"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ossn/+bug/1686743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0079"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-19 18:00
Modified
2024-11-21 01:16
Severity ?
Summary
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7F2E72-C436-46A4-A4B9-9F2B567FE8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EBC94-5CB9-4B5A-9CB3-C10DE191AE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05461C68-1BA6-4BA5-97F1-D56E0A62A37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6507C31-9F5F-488D-9D0D-C233CA1DED01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3199D614-94CD-4E12-9127-4459BB6A84FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2EE32A-68DF-4343-A5B1-6861324E592B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "330BFC7B-1971-42C3-BBB5-1498B112E8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39D87F93-98FE-414B-8D32-C9AB853A235D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B38AB6E8-DE2F-426C-A8E9-2572611AE5E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors."
},
{
"lang": "es",
"value": "Red Hat libvirt, posiblemente v0.7.2 hasta v0.8.2, se repite en almacenes de respaldo de imagen de disco sin extraer el formato de disco de respaldo definido, lo cual puede permitir a usuarios invitados del Sistema Operativo leer ficheros a su elecci\u00f3n en el Sistema Operativo anfitri\u00f3n, y posiblemente tener otros impactos no especificados, a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-2238",
"lastModified": "2024-11-21T01:16:12.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-19T18:00:03.453",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://libvirt.org/news.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2763"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://libvirt.org/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607811"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-11 20:30
Modified
2024-11-21 00:58
Severity ?
Summary
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA9E6F-7F06-4341-928A-5CE6C5EAAA7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n proxyReadClientSocket en proxy/libvirt_proxy.c en libvirt_proxy v0.5.1, podr\u00eda permitir a usuarios locales elevar sus privilegios mediante el env\u00edo de una parte de la cabecera de un paquete virProxyPacket y posteriormente enviando el resto del paquete con valores manipulados en la cabecera del mismo. Relacionado con el uso de memoria que no ha sido inicializada en un control de validaci\u00f3n.\r\n\r\n"
}
],
"id": "CVE-2009-0036",
"lastModified": "2024-11-21T00:58:55.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-11T20:30:00.360",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2009/02/10/8"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34397"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/33724"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484947"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2009/02/10/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-19 18:00
Modified
2024-11-21 01:16
Severity ?
Summary
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libvirt | libvirt | 0.2.0 | |
| libvirt | libvirt | 0.2.1 | |
| libvirt | libvirt | 0.2.2 | |
| libvirt | libvirt | 0.2.3 | |
| libvirt | libvirt | 0.3.0 | |
| libvirt | libvirt | 0.3.1 | |
| libvirt | libvirt | 0.3.2 | |
| libvirt | libvirt | 0.3.3 | |
| libvirt | libvirt | 0.4.0 | |
| libvirt | libvirt | 0.4.1 | |
| libvirt | libvirt | 0.4.2 | |
| libvirt | libvirt | 0.4.3 | |
| libvirt | libvirt | 0.4.4 | |
| libvirt | libvirt | 0.4.6 | |
| libvirt | libvirt | 0.5.0 | |
| libvirt | libvirt | 0.5.1 | |
| libvirt | libvirt | 0.6.0 | |
| libvirt | libvirt | 0.6.1 | |
| libvirt | libvirt | 0.6.2 | |
| libvirt | libvirt | 0.6.3 | |
| libvirt | libvirt | 0.6.4 | |
| libvirt | libvirt | 0.6.5 | |
| libvirt | libvirt | 0.7.0 | |
| libvirt | libvirt | 0.7.1 | |
| libvirt | libvirt | 0.7.2 | |
| libvirt | libvirt | 0.7.3 | |
| libvirt | libvirt | 0.7.4 | |
| libvirt | libvirt | 0.7.5 | |
| libvirt | libvirt | 0.7.6 | |
| libvirt | libvirt | 0.7.7 | |
| libvirt | libvirt | 0.8.0 | |
| libvirt | libvirt | 0.8.1 | |
| libvirt | libvirt | 0.8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4629E1-113F-4F7B-A7C2-EE280FE66CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62E7035D-178C-4591-A721-BE99D9D2775A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "577AD17E-3FEA-4153-8331-A0E0BD50580A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE09A468-889E-4D64-B125-67B042BE6820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE2A109-7960-44DE-96D0-B580BF87E1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D18D732-E2F1-48AF-97DE-E5B149FAFE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E86FE3D-BC93-49DE-8D34-61C17072D190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB95BD9D-A6B5-47B9-B2B0-9C4CC67BA62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "354A210C-B8C7-4E99-8EF4-EB4930B769AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA90AC2-B415-42F5-86E5-9564F4133A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29FBE340-26FF-4D72-99C3-423786A2095B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "072EDB8A-DBCE-490A-8BAE-106A385FBB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE4570C-3EED-409D-AC79-ED4741087CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "01BFB306-AF97-460F-9D26-9CF53018280D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D9844D-5B89-4B47-9E38-BDF0C44D1BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA9E6F-7F06-4341-928A-5CE6C5EAAA7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49C0A68D-E8D2-47CD-BEB0-24556A20C78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9543A7ED-BCFE-4153-96CB-AA2625C12394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "45408F0A-6A45-4E2E-A790-3FE00EDFF470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D222C1F-65A4-4D04-8266-A77E7D06A0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16C34138-85A3-4FF9-8978-F4F80E8476B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE578174-7026-4D7A-8CC9-24A29136C32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35E44DBE-E780-4AC4-82E5-AB1A94EACBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AC4559-DFF0-45BA-8035-9BDF3BE44C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7F2E72-C436-46A4-A4B9-9F2B567FE8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EBC94-5CB9-4B5A-9CB3-C10DE191AE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05461C68-1BA6-4BA5-97F1-D56E0A62A37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6507C31-9F5F-488D-9D0D-C233CA1DED01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3199D614-94CD-4E12-9127-4459BB6A84FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2EE32A-68DF-4343-A5B1-6861324E592B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "330BFC7B-1971-42C3-BBB5-1498B112E8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39D87F93-98FE-414B-8D32-C9AB853A235D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B38AB6E8-DE2F-426C-A8E9-2572611AE5E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree."
},
{
"lang": "es",
"value": "Red Hat libvirt v0.2.0 hasta v0.8.2 crea reglas de iptable con asignaciones inadecuadas de puertos de origen privilegiados, lo que permite a usuarios invitados del SO evitar las restricciones de acceso establecidas aprovechando los valores de direcci\u00f3n IP y puerto-origen, como se ha demostrado copiando y eliminando un arbol de ficheros NFS."
}
],
"id": "CVE-2010-2242",
"lastModified": "2024-11-21T01:16:13.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-19T18:00:03.670",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://libvirt.org/news.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2763"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://libvirt.org/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-19 18:00
Modified
2024-11-21 01:16
Severity ?
Summary
Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libvirt | libvirt | 0.6.0 | |
| libvirt | libvirt | 0.6.1 | |
| libvirt | libvirt | 0.6.2 | |
| libvirt | libvirt | 0.6.3 | |
| libvirt | libvirt | 0.6.4 | |
| libvirt | libvirt | 0.6.5 | |
| libvirt | libvirt | 0.7.0 | |
| libvirt | libvirt | 0.7.1 | |
| libvirt | libvirt | 0.7.2 | |
| libvirt | libvirt | 0.7.3 | |
| libvirt | libvirt | 0.7.4 | |
| libvirt | libvirt | 0.7.5 | |
| libvirt | libvirt | 0.7.6 | |
| libvirt | libvirt | 0.7.7 | |
| libvirt | libvirt | 0.8.0 | |
| libvirt | libvirt | 0.8.1 | |
| libvirt | libvirt | 0.8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49C0A68D-E8D2-47CD-BEB0-24556A20C78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9543A7ED-BCFE-4153-96CB-AA2625C12394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "45408F0A-6A45-4E2E-A790-3FE00EDFF470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D222C1F-65A4-4D04-8266-A77E7D06A0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16C34138-85A3-4FF9-8978-F4F80E8476B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE578174-7026-4D7A-8CC9-24A29136C32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35E44DBE-E780-4AC4-82E5-AB1A94EACBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AC4559-DFF0-45BA-8035-9BDF3BE44C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7F2E72-C436-46A4-A4B9-9F2B567FE8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EBC94-5CB9-4B5A-9CB3-C10DE191AE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05461C68-1BA6-4BA5-97F1-D56E0A62A37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6507C31-9F5F-488D-9D0D-C233CA1DED01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3199D614-94CD-4E12-9127-4459BB6A84FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2EE32A-68DF-4343-A5B1-6861324E592B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "330BFC7B-1971-42C3-BBB5-1498B112E8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39D87F93-98FE-414B-8D32-C9AB853A235D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B38AB6E8-DE2F-426C-A8E9-2572611AE5E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors."
},
{
"lang": "es",
"value": "Red Hat libvirt, posiblemente v0.6.0 hasta v0.8.2, crea nuevas imagenes sin configurar el formato definido por el usuario backing-store, lo que permite a usuarios invitados al SO leer ficheros de su elecci\u00f3n en el SO anfitri\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-2239",
"lastModified": "2024-11-21T01:16:13.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-19T18:00:03.577",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://libvirt.org/news.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2763"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://libvirt.org/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607812"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-19 17:30
Modified
2024-11-21 00:53
Severity ?
Summary
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E86FE3D-BC93-49DE-8D34-61C17072D190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB95BD9D-A6B5-47B9-B2B0-9C4CC67BA62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA90AC2-B415-42F5-86E5-9564F4133A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29FBE340-26FF-4D72-99C3-423786A2095B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "01BFB306-AF97-460F-9D26-9CF53018280D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D9844D-5B89-4B47-9E38-BDF0C44D1BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libvirt:libvirt:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA9E6F-7F06-4341-928A-5CE6C5EAAA7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions."
},
{
"lang": "es",
"value": "M\u00faltiples m\u00e9todos en libvirt 0.3.2 a 0.5.1 no comprueban si una conexi\u00f3n es de s\u00f3lo lectura, lo que permite a usuarios locales eludir restricciones de acceso y realizar acciones administrativas."
}
],
"id": "CVE-2008-5086",
"lastModified": "2024-11-21T00:53:15.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-19T17:30:03.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/50919"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/33198"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33217"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/33292"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34397"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32905"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-694-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=476560"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8765"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/libvir-list/2008-December/msg00522.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-694-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=476560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/libvir-list/2008-December/msg00522.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-10167
Vulnerability from cvelistv5
Published
2019-08-02 12:05
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/libvirt-privesc-vulnerabilities | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202003-18 | vendor-advisory, x_refsource_GENTOO |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "libvirt",
"versions": [
{
"status": "affected",
"version": "4.x.x before 4.10.1"
},
{
"status": "affected",
"version": "5.x.x before 5.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T04:06:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "4.x.x before 4.10.1"
},
{
"version_value": "5.x.x before 5.4.1"
}
]
}
}
]
},
"vendor_name": "libvirt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
},
{
"name": "GLSA-202003-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10167",
"datePublished": "2019-08-02T12:05:52",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10161
Vulnerability from cvelistv5
Published
2019-07-30 22:14
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161 | x_refsource_CONFIRM | |
| https://access.redhat.com/libvirt-privesc-vulnerabilities | x_refsource_CONFIRM | |
| https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4047-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/202003-18 | vendor-advisory, x_refsource_GENTOO |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580"
},
{
"name": "USN-4047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4047-2/"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "Libvirt",
"versions": [
{
"status": "affected",
"version": "fixed in 4.10.1"
},
{
"status": "affected",
"version": "fixed in 5.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T04:06:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580"
},
{
"name": "USN-4047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4047-2/"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "fixed in 4.10.1"
},
{
"version_value": "fixed in 5.4.1"
}
]
}
}
]
},
"vendor_name": "Libvirt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161"
},
{
"name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580",
"refsource": "CONFIRM",
"url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580"
},
{
"name": "USN-4047-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4047-2/"
},
{
"name": "GLSA-202003-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10161",
"datePublished": "2019-07-30T22:14:10",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10168
Vulnerability from cvelistv5
Published
2019-08-02 12:08
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/libvirt-privesc-vulnerabilities | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202003-18 | vendor-advisory, x_refsource_GENTOO |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "libvirt",
"versions": [
{
"status": "affected",
"version": "4.x.x before 4.10.1"
},
{
"status": "affected",
"version": "5.x.x before 5.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T04:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "4.x.x before 4.10.1"
},
{
"version_value": "5.x.x before 5.4.1"
}
]
}
}
]
},
"vendor_name": "libvirt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
},
{
"name": "GLSA-202003-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10168",
"datePublished": "2019-08-02T12:08:14",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2238
Vulnerability from cvelistv5
Published
2010-08-19 17:43
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html | vendor-advisory, x_refsource_FEDORA | |
| http://ubuntu.com/usn/usn-1008-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html | vendor-advisory, x_refsource_FEDORA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=607811 | x_refsource_CONFIRM | |
| http://libvirt.org/news.html | x_refsource_MISC | |
| http://ubuntu.com/usn/usn-1008-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://ubuntu.com/usn/usn-1008-3 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.vupen.com/english/advisories/2010/2763 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-10960",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://libvirt.org/news.html"
},
{
"name": "USN-1008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-30T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2010-10960",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://libvirt.org/news.html"
},
{
"name": "USN-1008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2238",
"datePublished": "2010-08-19T17:43:00",
"dateReserved": "2010-06-09T00:00:00",
"dateUpdated": "2024-08-07T02:25:07.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2237
Vulnerability from cvelistv5
Published
2010-08-19 17:43
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html | vendor-advisory, x_refsource_FEDORA | |
| http://ubuntu.com/usn/usn-1008-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html | vendor-advisory, x_refsource_FEDORA | |
| http://libvirt.org/news.html | x_refsource_MISC | |
| http://ubuntu.com/usn/usn-1008-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://ubuntu.com/usn/usn-1008-3 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=607810 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/2763 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-10960",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://libvirt.org/news.html"
},
{
"name": "USN-1008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607810"
},
{
"name": "ADV-2010-2763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-30T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2010-10960",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://libvirt.org/news.html"
},
{
"name": "USN-1008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607810"
},
{
"name": "ADV-2010-2763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2237",
"datePublished": "2010-08-19T17:43:00",
"dateReserved": "2010-06-09T00:00:00",
"dateUpdated": "2024-08-07T02:25:07.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2242
Vulnerability from cvelistv5
Published
2010-08-19 17:43
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/2062 | vdb-entry, x_refsource_VUPEN | |
| http://libvirt.org/news.html | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html | vendor-advisory, x_refsource_FEDORA | |
| http://ubuntu.com/usn/usn-1008-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.redhat.com/support/errata/RHSA-2010-0615.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943 | x_refsource_CONFIRM | |
| http://ubuntu.com/usn/usn-1008-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=602455 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://ubuntu.com/usn/usn-1008-3 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.vupen.com/english/advisories/2010/2763 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libvirt.org/news.html"
},
{
"name": "FEDORA-2010-10960",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"name": "RHSA-2010:0615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943"
},
{
"name": "USN-1008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-30T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2010-2062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libvirt.org/news.html"
},
{
"name": "FEDORA-2010-10960",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"name": "RHSA-2010:0615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943"
},
{
"name": "USN-1008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2242",
"datePublished": "2010-08-19T17:43:00",
"dateReserved": "2010-06-09T00:00:00",
"dateUpdated": "2024-08-07T02:25:07.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1064
Vulnerability from cvelistv5
Published
2018-03-28 18:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3680-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://access.redhat.com/errata/RHSA-2018:1396 | vendor-advisory, x_refsource_REDHAT | |
| https://www.debian.org/security/2018/dsa-4137 | vendor-advisory, x_refsource_DEBIAN | |
| https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:1929 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1550672 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:47.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1396"
},
{
"name": "DSA-4137",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4137"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"
},
{
"name": "RHSA-2018:1929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1929"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"
},
{
"name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "libvirt",
"versions": [
{
"status": "affected",
"version": "before 4.2.0-rc1"
}
]
}
],
"datePublic": "2018-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1396"
},
{
"name": "DSA-4137",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4137"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"
},
{
"name": "RHSA-2018:1929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1929"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"
},
{
"name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "before 4.2.0-rc1"
}
]
}
}
]
},
"vendor_name": "libvirt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3680-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1396",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1396"
},
{
"name": "DSA-4137",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4137"
},
{
"name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513",
"refsource": "CONFIRM",
"url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"
},
{
"name": "RHSA-2018:1929",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1929"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"
},
{
"name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1064",
"datePublished": "2018-03-28T18:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T01:51:12.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5086
Vulnerability from cvelistv5
Published
2008-12-19 17:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33217",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33217"
},
{
"name": "oval:org.mitre.oval:def:8765",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8765"
},
{
"name": "33198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33198"
},
{
"name": "50919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50919"
},
{
"name": "33292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33292"
},
{
"name": "32905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32905"
},
{
"name": "FEDORA-2008-11433",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html"
},
{
"name": "USN-694-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-694-1"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "RHSA-2009:0382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"name": "[libvirt] 20081217 [SECURITY] PATCH: Fix missing read-only access checks (CVE-2008-5086)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.redhat.com/archives/libvir-list/2008-December/msg00522.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=476560"
},
{
"name": "34397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "33217",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33217"
},
{
"name": "oval:org.mitre.oval:def:8765",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8765"
},
{
"name": "33198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33198"
},
{
"name": "50919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50919"
},
{
"name": "33292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33292"
},
{
"name": "32905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32905"
},
{
"name": "FEDORA-2008-11433",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html"
},
{
"name": "USN-694-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-694-1"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "RHSA-2009:0382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"name": "[libvirt] 20081217 [SECURITY] PATCH: Fix missing read-only access checks (CVE-2008-5086)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.redhat.com/archives/libvir-list/2008-December/msg00522.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=476560"
},
{
"name": "34397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34397"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-5086",
"datePublished": "2008-12-19T17:00:00",
"dateReserved": "2008-11-14T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0036
Vulnerability from cvelistv5
Published
2009-02-11 20:00
Modified
2024-08-07 04:17
Severity ?
EPSS score ?
Summary
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127 | vdb-entry, signature, x_refsource_OVAL | |
| https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html | mailing-list, x_refsource_MLIST | |
| https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/33724 | vdb-entry, x_refsource_BID | |
| https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=484947 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2009-0382.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2009/02/10/8 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/34397 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10127",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127"
},
{
"name": "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html"
},
{
"name": "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html"
},
{
"name": "33724",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33724"
},
{
"name": "[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484947"
},
{
"name": "RHSA-2009:0382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28"
},
{
"name": "[oss-security] 20090210 libvirt_proxy heads up",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/02/10/8"
},
{
"name": "34397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10127",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127"
},
{
"name": "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html"
},
{
"name": "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html"
},
{
"name": "33724",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33724"
},
{
"name": "[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484947"
},
{
"name": "RHSA-2009:0382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28"
},
{
"name": "[oss-security] 20090210 libvirt_proxy heads up",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/02/10/8"
},
{
"name": "34397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34397"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0036",
"datePublished": "2009-02-11T20:00:00",
"dateReserved": "2008-12-15T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3657
Vulnerability from cvelistv5
Published
2014-10-06 14:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62303 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ubuntu.com/usn/USN-2404-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://rhn.redhat.com/errata/RHSA-2014-1352.html | vendor-advisory, x_refsource_REDHAT | |
| http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669 | x_refsource_CONFIRM | |
| http://security.libvirt.org/2014/0005.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/60291 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62303"
},
{
"name": "USN-2404-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2404-1"
},
{
"name": "RHSA-2014:1352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.libvirt.org/2014/0005.html"
},
{
"name": "openSUSE-SU-2014:1290",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"
},
{
"name": "60291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60291"
},
{
"name": "openSUSE-SU-2014:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-13T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "62303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62303"
},
{
"name": "USN-2404-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2404-1"
},
{
"name": "RHSA-2014:1352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.libvirt.org/2014/0005.html"
},
{
"name": "openSUSE-SU-2014:1290",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"
},
{
"name": "60291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60291"
},
{
"name": "openSUSE-SU-2014:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3657",
"datePublished": "2014-10-06T14:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10166
Vulnerability from cvelistv5
Published
2019-08-02 12:02
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/libvirt-privesc-vulnerabilities | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202003-18 | vendor-advisory, x_refsource_GENTOO |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "libvirt",
"versions": [
{
"status": "affected",
"version": "4.x.x before 4.10.1"
},
{
"status": "affected",
"version": "5.x.x before 5.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T04:06:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "4.x.x before 4.10.1"
},
{
"version_value": "5.x.x before 5.4.1"
}
]
}
}
]
},
"vendor_name": "libvirt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.8/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166"
},
{
"name": "GLSA-202003-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10166",
"datePublished": "2019-08-02T12:02:59",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2239
Vulnerability from cvelistv5
Published
2010-08-19 17:43
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/2062 | vdb-entry, x_refsource_VUPEN | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html | vendor-advisory, x_refsource_FEDORA | |
| http://ubuntu.com/usn/usn-1008-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html | vendor-advisory, x_refsource_FEDORA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=607812 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2010-0615.html | vendor-advisory, x_refsource_REDHAT | |
| http://libvirt.org/news.html | x_refsource_MISC | |
| http://ubuntu.com/usn/usn-1008-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://ubuntu.com/usn/usn-1008-3 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.vupen.com/english/advisories/2010/2763 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"name": "FEDORA-2010-10960",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607812"
},
{
"name": "RHSA-2010:0615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://libvirt.org/news.html"
},
{
"name": "USN-1008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-30T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2010-2062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"name": "FEDORA-2010-10960",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607812"
},
{
"name": "RHSA-2010:0615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://libvirt.org/news.html"
},
{
"name": "USN-1008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2239",
"datePublished": "2010-08-19T17:43:00",
"dateReserved": "2010-06-09T00:00:00",
"dateUpdated": "2024-08-07T02:25:07.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10703
Vulnerability from cvelistv5
Published
2020-06-02 00:00
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790725"
},
{
"tags": [
"x_transferred"
],
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f"
},
{
"tags": [
"x_transferred"
],
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e"
},
{
"tags": [
"x_transferred"
],
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0005/"
},
{
"name": "FEDORA-2020-5cd83efda7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
},
{
"name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "libvirt",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-01T13:06:04.925695",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790725"
},
{
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f"
},
{
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e"
},
{
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200608-0005/"
},
{
"name": "FEDORA-2020-5cd83efda7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
},
{
"name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10703",
"datePublished": "2020-06-02T00:00:00",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:06:11.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3633
Vulnerability from cvelistv5
Published
2014-10-06 14:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/60895 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.gentoo.org/glsa/glsa-201412-04.xml | vendor-advisory, x_refsource_GENTOO | |
| http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-1352.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2014/dsa-3038 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.ubuntu.com/usn/USN-2366-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/60291 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.libvirt.org/2014/0004.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60895"
},
{
"name": "GLSA-201412-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b"
},
{
"name": "RHSA-2014:1352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"
},
{
"name": "DSA-3038",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3038"
},
{
"name": "USN-2366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2366-1"
},
{
"name": "openSUSE-SU-2014:1290",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"
},
{
"name": "60291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60291"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.libvirt.org/2014/0004.html"
},
{
"name": "openSUSE-SU-2014:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60895"
},
{
"name": "GLSA-201412-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b"
},
{
"name": "RHSA-2014:1352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"
},
{
"name": "DSA-3038",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3038"
},
{
"name": "USN-2366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2366-1"
},
{
"name": "openSUSE-SU-2014:1290",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"
},
{
"name": "60291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60291"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.libvirt.org/2014/0004.html"
},
{
"name": "openSUSE-SU-2014:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3633",
"datePublished": "2014-10-06T14:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5160
Vulnerability from cvelistv5
Published
2018-08-20 21:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.openstack.org/wiki/OSSN/OSSN-0079 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1245647 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-2577.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugs.launchpad.net/ossn/+bug/1686743 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/07/21/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647"
},
{
"name": "RHSA-2016:2577",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ossn/+bug/1686743"
},
{
"name": "[oss-security] 20170721 [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647"
},
{
"name": "RHSA-2016:2577",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ossn/+bug/1686743"
},
{
"name": "[oss-security] 20170721 [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5160",
"datePublished": "2018-08-20T21:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10132
Vulnerability from cvelistv5
Published
2019-05-22 17:21
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.libvirt.org/2019/0003.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:1264 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1268 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/ | vendor-advisory, x_refsource_FEDORA | |
| https://access.redhat.com/errata/RHSA-2019:1455 | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/4021-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.libvirt.org/2019/0003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"
},
{
"name": "RHSA-2019:1264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1264"
},
{
"name": "RHSA-2019:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1268"
},
{
"name": "FEDORA-2019-5f105dd2b6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-4021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4021-1/"
},
{
"name": "FEDORA-2019-9210998aaa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "libvirt",
"versions": [
{
"status": "affected",
"version": "affects \u003e= 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in libvirt \u003e= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T03:06:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.libvirt.org/2019/0003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"
},
{
"name": "RHSA-2019:1264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1264"
},
{
"name": "RHSA-2019:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1268"
},
{
"name": "FEDORA-2019-5f105dd2b6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-4021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4021-1/"
},
{
"name": "FEDORA-2019-9210998aaa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10132",
"datePublished": "2019-05-22T17:21:19",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}