Описание
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.1.4-0ubuntu1 |
| lucid | not-affected | |
| precise | not-affected | |
| quantal | not-affected | |
| raring | not-affected | 1.0.2-0ubuntu11.13.04.4 |
| saucy | released | 1.1.1-0ubuntu8.1 |
| upstream | needs-triage |
Показывать по
EPSS
8.5 High
CVSS2
Связанные уязвимости
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
EPSS
8.5 High
CVSS2