Computer Security
[EN] securityvulns.ru no-pyccku


libvirt information disclosure
Published:11.02.2015
Source:
SecurityVulns ID:14260
Type:library
Threat Level:
5/10
Description:It's possible to manipulate VIR_DOMAIN_XML_SECURE flag.
Affected:LIBVIRT : libvirt 1.2
CVE:CVE-2015-0236 (libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.)
Original documentdocumentMANDRIVA, [ MDVSA-2015:035 ] libvirt (11.02.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod