PT-2010-3838 · Red Hat · Libvirt+1

Jeremy Nickurak

Publicado

2010-08-10

Atualizado

2024-06-15

CVE-2010-2242

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Hat libvirt versions 0.2.0 through 0.8.2

Description The issue allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values. This can be demonstrated by copying and deleting an NFS directory tree, exploiting improper mappings of privileged source ports in iptables rules.

Recommendations For Red Hat libvirt versions 0.2.0 through 0.8.2, consider restricting access to privileged source ports to minimize the risk of exploitation. As a temporary workaround, restrict the use of iptables rules that map privileged source ports until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2010-2242

OPENSUSE-SU-2024:10209-1

RHSA-2010:0615

RHSA-2010_0615

Produtos afetados

Red Hat

Libvirt

PT-2010-3838 · Red Hat · Libvirt+1

CVE-2010-2242

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52