PT-2011-1125 · Red Hat · Libvirt-Devel+5

Petr Matousek · Published 2011-05-02 · Updated 2023-02-13 · CVE-2011-1486

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libvirt versions prior to 0.9.0
libvirt-debuginfo versions 0.8.1
libvirt-devel versions 0.8.1
libvirt-python versions 0.8.1
libvirt-client versions 0.8.1

Description

The issue affects the libvirt package in Red Hat Enterprise Linux, potentially leading to a breach of confidentiality, integrity, and availability of protected information. Exploitation can be performed locally. libvirtd in libvirt before version 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service by reporting errors simultaneously.

Recommendations

For libvirt versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue. For libvirt-debuginfo, libvirt-devel, libvirt-python, and libvirt-client versions 0.8.1, consider disabling local access until a patch is available. As a temporary workaround, restrict local exploitation to minimize the risk of breach.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-06818
BDU:2015-06820
BDU:2015-06821
BDU:2015-06822
BDU:2015-06825
CVE-2011-1486
DSA-2280-1
RHSA-2011:0478
RHSA-2011:0479
RHSA-2011_0478
RHSA-2011_0479

Affected Products

Red Hat
Libvirt
Libvirt-Client
Libvirt-Debuginfo
Libvirt-Devel
Libvirt-Python