Published: 11/04/2016 Updated: 13/02/2023

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 2.5 | Impact Score: 1.4 | Exploitability Score: 1

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat libvirt -

Synopsis Moderate: libvirt security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for libvirt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Sy ...

Debian Bug report logs - #808273 CVE-2015-5313: storage: don't allow '/' in filesystem volume names Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Fri, 18 Dec 2015 08:36:01 UTC Severi ...

Several security issues were fixed in libvirt ...

CWE-22 https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html http://security.libvirt.org/2015/0004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html http://www.securityfocus.com/bid/90913 https://security.gentoo.org/glsa/201612-10 http://rhn.redhat.com/errata/RHSA-2016-2577.html http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=034e47c338b13a95cf02106a3af912c1c5f818d7 https://access.redhat.com/errata/RHSA-2016:2577 https://usn.ubuntu.com/2867-1/https://nvd.nist.gov

CVE-2015-5313

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect