PT-2010-3836 · Red Hat · Libvirt+1
Petr Matousek · Published 2010-08-10 · Updated 2010-10-30 · CVE-2010-2239
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat libvirt versions 0.6.0 through 0.8.2
Description
New images are created without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS. The exact vectors are not specified.
Recommendations
For versions 0.6.0 through 0.8.2, consider configuring the backing-store format manually to prevent guest OS users from reading arbitrary files on the host OS. As a temporary workaround, restrict access to sensitive files on the host OS to minimize the risk of exploitation.
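One way to find images that need the manual format setting described above, as an added example that is not part of the original advisory: it flags disk images that name a backing file but record no format for it. It assumes the images are inspected with `qemu-img info --output=json` (a tool the advisory does not mention); the sample records and paths are constructed.

```python
import json
import subprocess


def missing_backing_format(info):
    """Return (image, backing file) pairs where no backing format is recorded.

    `info` is parsed `qemu-img info --output=json` output: a single object,
    or a list of objects when --backing-chain was used.
    """
    layers = info if isinstance(info, list) else [info]
    flagged = []
    for layer in layers:
        backing = layer.get("backing-filename")
        # A backing file without an explicit format leaves the format to be guessed.
        if backing and not layer.get("backing-filename-format"):
            flagged.append((layer.get("filename", "<unknown>"), backing))
    return flagged


def inspect_image(path):
    """Check one real image; requires qemu-img on the host (not used by the samples)."""
    out = subprocess.run(
        ["qemu-img", "info", "--output=json", path],
        check=True, capture_output=True, text=True,
    ).stdout
    return missing_backing_format(json.loads(out))


# Constructed sample records (hypothetical paths), shaped like qemu-img JSON output.
SAMPLE_IMAGES = json.loads("""
[
  {"filename": "/var/lib/libvirt/images/guest-a.qcow2", "format": "qcow2",
   "backing-filename": "/var/lib/libvirt/images/base.img",
   "backing-filename-format": "raw"},
  {"filename": "/var/lib/libvirt/images/guest-b.qcow2", "format": "qcow2",
   "backing-filename": "/var/lib/libvirt/images/base.img"},
  {"filename": "/var/lib/libvirt/images/base.img", "format": "raw"}
]
""")

if __name__ == "__main__":
    for image, backing in missing_backing_format(SAMPLE_IMAGES):
        print(f"{image}: backing file {backing} has no recorded format")
```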
Affected Products
Red Hat
Libvirt