PT-2008-6233 · Libvirt+1 · Libvirt+1

Daniel Berrange

Published

2008-12-19

Updated

2024-06-15

CVE-2008-5086

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libvirt versions 0.3.2 through 0.5.1

Description The issue allows local users to bypass intended access restrictions and perform administrative actions due to multiple methods in libvirt not checking if a connection is read-only.

Recommendations For libvirt versions 0.3.2 through 0.5.1, consider restricting access to administrative actions until a patch is available. As a temporary workaround, review and enforce connection permissions to prevent unauthorized access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-5086

OPENSUSE-SU-2024:11008-1

RHSA-2009:0382

RHSA-2009_0382

Affected Products

Red Hat

Libvirt

PT-2008-6233 · Libvirt+1 · Libvirt+1

CVE-2008-5086

Related Identifiers

Affected Products

References · 46