Computer Security
[EN] securityvulns.ru no-pyccku


libvirt information leakage
Published:24.11.2014
Source:
SecurityVulns ID:14096
Type:library
Threat Level:
5/10
Description:Information access via qemuDomainFormatXML.
Affected:LIBVIRT : libvirt 1.2
CVE:CVE-2014-7823 (The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.)
 CVE-2014-3657 (The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.)
Original documentdocumentUBUNTU, [USN-2404-1] libvirt vulnerabilities (24.11.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod