Veracode Vulnerability DatabaseVERACODE:23568Privilege Escalation
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
libvirt is vulnerable to privilege escalation. The vulnerability exists as the libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections.
References
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
osvdb.org/50919
secunia.com/advisories/33198
secunia.com/advisories/33217
secunia.com/advisories/33292
secunia.com/advisories/34397
www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html
www.redhat.com/support/errata/RHSA-2009-0382.html
www.securityfocus.com/bid/32905
www.ubuntu.com/usn/usn-694-1
access.redhat.com/errata/RHSA-2009:0382
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=476560
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8765
www.redhat.com/archives/libvir-list/2008-December/msg00522.html
Related
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C