Lucene search

PRIOn knowledge basePRION:CVE-2008-5086

HistoryDec 19, 2008 - 5:30 p.m.

Code injection

2008-12-1917:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.

CPENameOperatorVersion
libvirteq0.4.1
libvirteq0.5.1
libvirteq0.4.6
libvirteq0.4.2
libvirteq0.3.3
libvirteq0.5.0
libvirteq0.3.2

Name	Operator	Version
libvirt	eq	0.4.1
libvirt	eq	0.5.1
libvirt	eq	0.4.6
libvirt	eq	0.4.2
libvirt	eq	0.3.3
libvirt	eq	0.5.0
libvirt	eq	0.3.2

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

osvdb.org/50919

secunia.com/advisories/33198

secunia.com/advisories/33217

secunia.com/advisories/33292

secunia.com/advisories/34397

www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html

www.redhat.com/support/errata/RHSA-2009-0382.html

www.securityfocus.com/bid/32905

www.ubuntu.com/usn/usn-694-1

bugzilla.redhat.com/show_bug.cgi?id=476560

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8765

www.redhat.com/archives/libvir-list/2008-December/msg00522.html

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

Related for PRION:CVE-2008-5086