CVE-2019-10132

Опубликовано: 21 мая 2019

Источник: redhat

CVSS3: 8.8

Описание

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	libvirt	Not affected
Red Hat Enterprise Linux 6	libvirt	Not affected
Red Hat Storage 3	libvirt	Not affected
Red Hat Enterprise Linux 7	libvirt	Fixed	RHSA-2019:1264	23.05.2019
Red Hat Enterprise Linux 8	virt	Fixed	RHSA-2019:1268	23.05.2019
Red Hat Enterprise Linux 8 Advanced Virtualization	virt	Fixed	RHSA-2019:1455	11.06.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-732

https://bugzilla.redhat.com/show_bug.cgi?id=1706067libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter

8.8 High

CVSS3

Связанные уязвимости

CVE-2019-10132

CVSS3: 8.8

ubuntu

больше 6 лет назад

CVE-2019-10132

CVSS3: 8.8

nvd

больше 6 лет назад

CVE-2019-10132

CVSS3: 8.8

debian

больше 6 лет назад

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.s ...

GHSA-gf34-qgv2-76mf

CVSS3: 8.8

github

больше 3 лет назад

ELSA-2019-4688

oracle-oval

больше 6 лет назад

ELSA-2019-4688: libvirt security update (IMPORTANT)

8.8 High

CVSS3