Computer Security
[EN] securityvulns.ru no-pyccku


Libvirt code privilege escalation
Published:18.11.2013
Source:
SecurityVulns ID:13408
Type:library
Threat Level:
5/10
Description:virConnectDomainXMLToNative() invalid privileges check.
Affected:LIBVIRT : libvirt 1.1
CVE:CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.)
Original documentdocumentUBUNTU, [USN-2026-1] libvirt vulnerability (18.11.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod