Описание
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.2.21-2ubuntu5 |
| esm-infra-legacy/trusty | not-affected | 1.2.2-0ubuntu13.1.16 |
| precise | not-affected | 0.9.8-2ubuntu17.22 |
| trusty | released | 1.2.2-0ubuntu13.1.16 |
| trusty/esm | not-affected | 1.2.2-0ubuntu13.1.16 |
| upstream | needs-triage | |
| vivid | released | 1.2.12-0ubuntu14.4 |
| wily | released | 1.2.16-2ubuntu11.15.10.2 |
Показывать по
EPSS
1.9 Low
CVSS2
2.5 Low
CVSS3
Связанные уязвимости
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Directory traversal vulnerability in the virStorageBackendFileSystemVo ...
EPSS
1.9 Low
CVSS2
2.5 Low
CVSS3