The virConnectDomainXMLToNative API function in libvirt 1.1.0 up to and including 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows malicious users to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat libvirt 1.1.2 |
||
redhat libvirt 1.1.1 |
||
redhat libvirt 1.1.0 |
||
redhat libvirt 1.1.3 |