libvirt: multiple vulnerabilities
| Package(s): | libvirt |
| CVE #(s): | CVE-2010-2242, CVE-2010-2237, CVE-2010-2238, CVE-2010-2239 |
| Created: | July 27, 2010 |
| Updated: | November 9, 2010 |

Description:

From the Red Hat bugzilla:
Jeremy Nickurak reported an issue with how libvirt creates iptables rules when
guest systems are set up for masquerading. (CVE-2010-2242)

From the Red Hat bugzilla:
It was found that libvirt did not honour the user defined main disk format
in guest XML when looking up disk backing stores in the security drivers.
This could be possibly exploited by a privileged guest user to access
arbitrary files on the host. (CVE-2010-2237)

From the Red Hat bugzilla:
It was found that libvirt did not extract the defined disk backing store
format when recursing into disk image backing stores in the security
drivers. This could be possibly exploited by a privileged guest user to
access arbitrary files on the host. (CVE-2010-2238)

From the Red Hat bugzilla:
It was found that libvirt did not explicitly set the user defined backing store
format when creating a new image. This results in images being created with a
potentially insecure configuration, preventing applications from opening backing
stores without resorting to probing. A privileged guest user could use this
flaw to access arbitrary files on the host. (CVE-2010-2239)