CVE-2010-2238

Published: 19/08/2010 Updated: 30/10/2010
CVSS v2 Base Score: 4.4 | Impact Score: 6.9 | Exploitability Score: 2.7
VMScore: 392
Vector: AV:L/AC:M/Au:S/C:C/I:N/A:N

Vulnerability Summary

Red Hat libvirt, possibly 0.7.2 up to and including 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Vulnerable Product

libvirt libvirt 0.7.2

libvirt libvirt 0.8.1

libvirt libvirt 0.7.4

libvirt libvirt 0.7.5

libvirt libvirt 0.7.6

libvirt libvirt 0.7.7

libvirt libvirt 0.7.3

libvirt libvirt 0.8.0

libvirt libvirt 0.8.2

Vendor Advisories

This update restores ‘host_device’ support for domain XML on Ubuntu 10.04 LTS ...
Libvirt could be made to crash or read arbitrary files on the host ...
Guest VMs could be made to circumvent security protections to access resources on the host ...
This update reenables recent bug fixes ...
Updated virtinst for use with the new libvirt ...