Lucene search

K

[email protected]NVD:CVE-2010-2238

HistoryAug 19, 2010 - 6:00 p.m.

CVE-2010-2238

2010-08-1918:00:03

CWE-264

[email protected]

web.nvd.nist.gov

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:S/C:C/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.5%

Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Affected configurations

NVD

Node

libvirtlibvirtMatch0.7.2

OR

libvirtlibvirtMatch0.7.3

OR

libvirtlibvirtMatch0.7.4

OR

libvirtlibvirtMatch0.7.5

OR

libvirtlibvirtMatch0.7.6

OR

libvirtlibvirtMatch0.7.7

OR

libvirtlibvirtMatch0.8.0

OR

libvirtlibvirtMatch0.8.1

OR

libvirtlibvirtMatch0.8.2

References

libvirt.org/news.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

ubuntu.com/usn/usn-1008-1

ubuntu.com/usn/usn-1008-2

ubuntu.com/usn/usn-1008-3

www.vupen.com/english/advisories/2010/2763

bugzilla.redhat.com/show_bug.cgi?id=607811

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:S/C:C/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.5%

Related for NVD:CVE-2010-2238

cve2 ubuntucve2 debiancve2 prion2 cvelist2 nvd1 openvas14 securityvulns3 ubuntu5 nessus10 fedora2