CVE-2015-0236

Опубликовано: 29 янв. 2015

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

Ссылки

http://advisories.mageia.org/MGASA-2015-0046.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0323.html
Third Party Advisory
http://secunia.com/advisories/62766
http://security.libvirt.org/2015/0001.html
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
Broken Link
http://www.ubuntu.com/usn/USN-2867-1
Third Party Advisory
http://advisories.mageia.org/MGASA-2015-0046.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0323.html
Third Party Advisory
http://secunia.com/advisories/62766
http://security.libvirt.org/2015/0001.html
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
Broken Link
http://www.ubuntu.com/usn/USN-2867-1
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

Версия до 1.2.11 (включая)

cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:redhat:libvirt:1.2.10:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00423

Низкий

3.5 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-0236

ubuntu

больше 10 лет назад

CVE-2015-0236

redhat

больше 10 лет назад

CVE-2015-0236

debian

больше 10 лет назад

libvirt before 1.2.12 allow remote authenticated users to obtain the V ...

GHSA-rj3c-3mq3-fpc6

github

больше 3 лет назад

SUSE-SU-2016:0304-1

suse-cvrf

больше 9 лет назад

Security update for libvirt

EPSS

Процентиль: 61%

0.00423

Низкий

3.5 Low

CVSS2

Дефекты

CWE-200