Lucene search

PRIOn knowledge basePRION:CVE-2014-0028

HistoryJan 24, 2014 - 6:55 p.m.

Design/Logic Flaw

2014-01-2418:55:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

70.0%

JSON

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.

CPENameOperatorVersion
libvirteq1.2.0
libvirteq1.1.2
libvirteq1.1.4
libvirteq1.1.1
libvirteq1.1.3

Name	Operator	Version
libvirt	eq	1.2.0
libvirt	eq	1.1.2
libvirt	eq	1.1.4
libvirt	eq	1.1.1
libvirt	eq	1.1.3

References

libvirt.org/news.html

lists.opensuse.org/opensuse-updates/2014-02/msg00060.html

secunia.com/advisories/60895

security.gentoo.org/glsa/glsa-201412-04.xml

www.ubuntu.com/usn/USN-2093-1

bugzilla.redhat.com/show_bug.cgi?id=1048637

www.redhat.com/archives/libvir-list/2014-January/msg00684.html

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for PRION:CVE-2014-0028