PT-2015-4533 · Red Hat+4 · Libvirt+5

Luyao Huang

Publicado

2015-01-29

Atualizado

2024-06-15

CVE-2015-0236

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 1.2.12

Description The issue allows remote authenticated users to obtain the VNC password by using the VIR DOMAIN XML SECURE flag with a crafted snapshot to the virDomainSnapshotGetXMLDesc interface or a crafted image to the virDomainSaveImageGetXMLDesc interface.

Recommendations For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the virDomainSnapshotGetXMLDesc and virDomainSaveImageGetXMLDesc interfaces until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2015-1157

CESA-2015_0323

CVE-2015-0236

MGASA-2015-0046

OPENSUSE-SU-2024:10209-1

RHSA-2015:0323

RHSA-2015_0323

SUSE-SU-2016:0304-1

SUSE-SU-2016_0304-1

USN-2867-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libvirt

PT-2015-4533 · Red Hat+4 · Libvirt+5

CVE-2015-0236

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 75