CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:S/C:C/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
26.5%
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
libvirt | libvirt | 0.6.1 | cpe:2.3:a:libvirt:libvirt:0.6.1:*:*:*:*:*:*:* |
libvirt | libvirt | 0.6.2 | cpe:2.3:a:libvirt:libvirt:0.6.2:*:*:*:*:*:*:* |
libvirt | libvirt | 0.6.3 | cpe:2.3:a:libvirt:libvirt:0.6.3:*:*:*:*:*:*:* |
libvirt | libvirt | 0.6.4 | cpe:2.3:a:libvirt:libvirt:0.6.4:*:*:*:*:*:*:* |
libvirt | libvirt | 0.6.5 | cpe:2.3:a:libvirt:libvirt:0.6.5:*:*:*:*:*:*:* |
libvirt | libvirt | 0.7.0 | cpe:2.3:a:libvirt:libvirt:0.7.0:*:*:*:*:*:*:* |
libvirt | libvirt | 0.7.1 | cpe:2.3:a:libvirt:libvirt:0.7.1:*:*:*:*:*:*:* |
libvirt | libvirt | 0.7.2 | cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:* |
libvirt | libvirt | 0.7.3 | cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:* |
libvirt | libvirt | 0.7.4 | cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:* |
libvirt.org/news.html
lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
ubuntu.com/usn/usn-1008-1
ubuntu.com/usn/usn-1008-2
ubuntu.com/usn/usn-1008-3
www.vupen.com/english/advisories/2010/2763
bugzilla.redhat.com/show_bug.cgi?id=607810