Computer Security

libvirt security vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



libvirt security vulnerabilities
Published:19.06.2011
Source:BUGTRAQ
SecurityVulns ID:11743
Type:library
Level:6/10
Description:DoS, off-by-one.
Affected:LIBVIRT : libvirt 0.9
CVE:CVE-2011-2178 (The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.)
 CVE-2011-1486 (libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.)
Original documentdocumentUBUNTU, [USN-1152-1] libvirt vulnerabilities (19.06.2011)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru