libvirt: several API calls do not honour read-only connection

🗓️ 28 Mar 2011 16:46:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

Libvirt API ignores read-only mode, enabling denial of service or remote code execution via six API calls.

Reporter	Title	Published	Views	Family All 125
ALT Linux	Security fix for the ALT Linux 8 package libvirt version 0.9.0-alt1	6 Apr 201100:00	–	altlinux
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the CentOS operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the CentOS operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the CentOS operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
Tenable Nessus	CentOS 5 : libvirt (CESA-2011:0391)	29 Apr 201100:00	–	nessus
Tenable Nessus	Debian DSA-2194-1 : libvirt - insufficient checks	21 Mar 201100:00	–	nessus
Tenable Nessus	Fedora 9 : libvirt-0.5.1-2.fc9 (2008-11433)	21 Dec 200800:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	i686	libvirt	0:0.8.1-27.el6_0.5	libvirt-0:0.8.1-27.el6_0.5.i686.rpm
Red Hat Enterprise Linux	6	ppc64	libvirt	0:0.8.1-27.el6_0.5	libvirt-0:0.8.1-27.el6_0.5.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	libvirt	0:0.8.1-27.el6_0.5	libvirt-0:0.8.1-27.el6_0.5.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	libvirt	0:0.8.1-27.el6_0.5	libvirt-0:0.8.1-27.el6_0.5.x86_64.rpm
Red Hat Enterprise Linux	5	i386	libvirt	0:0.8.2-15.el5_6.3	libvirt-0:0.8.2-15.el5_6.3.i386.rpm
Red Hat Enterprise Linux	5	ia64	libvirt	0:0.8.2-15.el5_6.3	libvirt-0:0.8.2-15.el5_6.3.ia64.rpm
Red Hat Enterprise Linux	5	x86_64	libvirt	0:0.8.2-15.el5_6.3	libvirt-0:0.8.2-15.el5_6.3.x86_64.rpm
Red Hat Enterprise Linux	6	i686	libvirt-client	0:0.8.1-27.el6_0.5	libvirt-client-0:0.8.1-27.el6_0.5.i686.rpm
Red Hat Enterprise Linux	6	ppc	libvirt-client	0:0.8.1-27.el6_0.5	libvirt-client-0:0.8.1-27.el6_0.5.ppc.rpm
Red Hat Enterprise Linux	6	ppc64	libvirt-client	0:0.8.1-27.el6_0.5	libvirt-client-0:0.8.1-27.el6_0.5.ppc64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2011-1146
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2011-1146
cve	www.cve.org/CVERecord

21 Nov 2025 17:37Current

7.8High risk

Vulners AI Score7.8

CVSS 27.2

EPSS0.01556

libvirt read only mode denial of service remote code execution node device detach node device reattach domain revert snapshot delete xml to native