UbuntuUSN-2209-1libvirt vulnerabilities
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:N/I:P/A:C
AI Score
Confidence
High
EPSS
Percentile
5.1%
Releases
- Ubuntu 13.10
Packages
- libvirt - Libvirt virtualization toolkit
Details
It was discovered that libvirt incorrectly handled symlinks when using the
LXC driver. An attacker could possibly use this issue to delete host
devices, create arbitrary nodes, and shutdown or power off the host.
(CVE-2013-6456)
Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE
migrations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2013-7336)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 13.10 | noarch | libvirt0 | <Β 1.1.1-0ubuntu8.11 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libvirt-bin | <Β 1.1.1-0ubuntu8.11 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libvirt-dev | <Β 1.1.1-0ubuntu8.11 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libvirt0-dbg | <Β 1.1.1-0ubuntu8.11 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python-libvirt | <Β 1.1.1-0ubuntu8.11 | UNKNOWN |
Related
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:N/I:P/A:C
AI Score
Confidence
High
EPSS
Percentile
5.1%