[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.8] libvirt: Multiple vulnerabilities (CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168)

ID: oval:org.secpod.oval:def:1801496Date: (C)2019-07-05   (M)2024-01-29
Class: PATCHFamily: unix




CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API¶ It was discovered that libvirtd would permit readonly clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. This vulnerability was first present in libvirt v0.9.4. Fixed In Version:¶ libvirt 4.10.1, libvirt 5.4.1

Platform:
Alpine Linux 3.8
Product:
libvirt
Reference:
10619
CVE-2019-10161
CVE-2019-10166
CVE-2019-10167
CVE-2019-10168
CVE    4
CVE-2019-10161
CVE-2019-10167
CVE-2019-10166
CVE-2019-10168
...

© SecPod Technologies