PT-2019-2883 · Libvirt+5
Published: 2019-06-20 · Updated: 2024-06-15
CVE-2019-10161
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
libvirtd versions prior to 4.10.1
libvirtd versions prior to 5.4.1
Description
The issue is related to the virDomainSaveImageGetXMLDesc() API, which has access control errors. This allows an attacker with access to the libvirtd socket to probe the existence of arbitrary files, cause denial of service, or execute arbitrary programs by specifying an arbitrary path that would be accessed with the permissions of the libvirtd process.
Recommendations
For libvirtd versions prior to 4.10.1, update to version 4.10.1 or later.
For libvirtd versions prior to 5.4.1, update to version 5.4.1 or later.
As a temporary workaround, consider restricting access to the virDomainSaveImageGetXMLDesc() API until a patch is available.
Fix
DoS
Improper Access Control
Missing Authorization
Path traversal
Related identifiers
Affected products
ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
Libvirt