Lucene search
Redhat.comRH:CVE-2019-10166HistoryJun 20, 2019 - 12:23 p.m.
CVE-2019-10166
2019-06-2012:23:30
redhat.com
access.redhat.com
10
0.0004 Low
EPSS
Percentile
5.1%
It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
Mitigation
The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing /etc/libvirt/libvirtd.conf. The settings unix_sock_group = libvirt and unix_sock_ro_perms = 0770 will restrict access to only members of libvirt, who already have management access to virtual machines.
Related
cve
cve
CVE-2019-10166
2019-08-02 13:15:12
prion
prion
Code injection
2019-08-02 13:15:00
osv
osv
CVE-2019-10166
2019-08-02 13:15:12
nvd
nvd
CVE-2019-10166
2019-08-02 13:15:12
cvelist
cvelist
CVE-2019-10166
2019-08-02 12:02:59
ubuntucve
ubuntucve
CVE-2019-10166
2019-06-20 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-06-24 00:21:49
alpinelinux
alpinelinux
CVE-2019-10166
2019-08-02 13:15:12
debiancve
debiancve
CVE-2019-10166
2019-08-02 13:15:12
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1599-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1637-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1796)
2020-01-23 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1599-1)
2019-06-24 00:00:00
EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1796)
2019-08-23 00:00:00
openSUSE Security Update : libvirt (openSUSE-2019-1672)
2019-07-01 00:00:00
suse
suse
Security update for libvirt (important)
2019-06-30 00:00:00
Security update for libvirt (important)
2019-07-20 00:00:00
redhat
redhat
(RHSA-2019:1762) Important: virt:8.0.0 security update
2019-07-11 15:06:35
(RHSA-2019:1579) Important: libvirt security and bug fix update
2019-06-20 12:44:11
(RHSA-2019:1580) Important: virt:rhel security update
2019-06-20 12:44:28
gentoo
gentoo
libvirt: Multiple vulnerabilities
2020-03-15 00:00:00
oraclelinux
oraclelinux
libvirt security and bug fix update
2019-06-21 00:00:00
virt:rhel security update
2019-07-30 00:00:00
libvirt security update
2019-07-10 00:00:00
ubuntu
ubuntu
libvirt vulnerabilities
2019-07-08 00:00:00
centos
centos
libvirt security update
2019-06-20 20:39:11
mageia
mageia
Updated libvirt packages fix security vulnerabilities
2019-12-15 21:03:05
photon
photon
Critical Photon OS Security Update - PHSA-2019-0032
2019-10-04 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0032
2019-10-04 00:00:00
amazon
amazon
Important: libvirt
2019-08-23 03:34:00
fedora
fedora
[SECURITY] Fedora 29 Update: libvirt-4.7.0-5.fc29
2019-07-09 02:25:07
[SECURITY] Fedora 30 Update: libvirt-5.1.0-9.fc30
2019-07-09 00:56:34