PT-2015-4533 · Red Hat+4 · Libvirt+5

Luyao Huang

Published

2015-01-29

Updated

2024-06-15

CVE-2015-0236

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 1.2.12

Description The issue allows remote authenticated users to obtain the VNC password by using the VIR DOMAIN XML SECURE flag with a crafted snapshot to the virDomainSnapshotGetXMLDesc interface or a crafted image to the virDomainSaveImageGetXMLDesc interface.

Recommendations For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the virDomainSnapshotGetXMLDesc and virDomainSaveImageGetXMLDesc interfaces until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2015-1157

CESA-2015_0323

CVE-2015-0236

MGASA-2015-0046

OPENSUSE-SU-2024:10209-1

RHSA-2015:0323

RHSA-2015_0323

SUSE-SU-2016:0304-1

SUSE-SU-2016_0304-1

USN-2867-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libvirt

PT-2015-4533 · Red Hat+4 · Libvirt+5

CVE-2015-0236

Weakness Enumeration

Related Identifiers

Affected Products

References · 75