PT-2014-3438 · Red Hat+1 · Libvirt+1

Eric Blake · Published 2014-01-24 · Updated 2024-06-15 · CVE-2014-0028

CVSS v2.0: 4.3 (Medium)
Vector: AV:A/AC:M/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

libvirt versions 1.1.1 through 1.2.0

Description

The issue allows context-dependent attackers to bypass restrictions in ACLs, specifically the domain:getattr and connect:search domains restrictions, and obtain sensitive domain object information. This is achieved via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.

Recommendations

For libvirt versions 1.1.1 through 1.2.0, consider restricting access to the virConnectDomainEventRegister and virConnectDomainEventRegisterAny functions in the event registration API until a patch is available.

Fix


Weakness Enumeration

Related Identifiers

ALT-PU-2014-1262
CVE-2014-0028
OPENSUSE-SU-2024:10209-1

Affected Products

Alt Linux
Libvirt