PT-2010-5120 · Red Hat · Libguestfs+3

Petr Matousek

Published

2010-11-04

Updated

2011-08-27

CVE-2010-3851

CVSS v2.0

4.7

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions libguestfs versions prior to 1.5.23 virt-v2v versions prior to 1.5.23 virt-inspector versions prior to 1.5.3

Description The issue allows local guest OS administrators to read files from the host via a crafted qcow2, VMDK, or VDI header when a raw-format disk image is used. This is related to the lack of support for a disk format specifier.

Recommendations For libguestfs versions prior to 1.5.23, update to version 1.5.23 or later. For virt-v2v versions prior to 1.5.23, update to version 1.5.23 or later. For virt-inspector versions prior to 1.5.3, update to version 1.5.3 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2010-3851

RHSA-2011:0586

RHSA-2011_0586

Affected Products

Red Hat

Libguestfs

Virt-Inspector

Virt-V2V

PT-2010-5120 · Red Hat · Libguestfs+3

CVE-2010-3851

Weakness Enumeration

Related Identifiers

Affected Products

References · 17