UbuntuUSN-1152-1libvirt vulnerabilities
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:S/C:C/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
89.5%
Releases
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04
Packages
- libvirt - Libvirt virtualization toolkit
Details
It was discovered that libvirt did not use thread-safe error reporting. A
remote attacker could exploit this to cause a denial of service via
application crash. (CVE-2011-1486)
Eric Blake discovered that libvirt had an off-by-one error which could
be used to reopen disk probing and bypass the fix for CVE-2010-2238. A
privileged attacker in the guest could exploit this to read arbitrary files
on the host. This issue only affected Ubuntu 11.04. By default, guests are
confined by an AppArmor profile which provided partial protection against
this flaw. (CVE-2011-2178)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.04 | noarch | libvirt0 | < 0.8.8-1ubuntu6.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libvirt-bin | < 0.8.8-1ubuntu6.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libvirt-dev | < 0.8.8-1ubuntu6.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libvirt0-dbg | < 0.8.8-1ubuntu6.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | python-libvirt | < 0.8.8-1ubuntu6.2 | UNKNOWN |
| Ubuntu | 10.10 | noarch | libvirt0 | < 0.8.3-1ubuntu18 | UNKNOWN |
| Ubuntu | 10.10 | noarch | libvirt-bin | < 0.8.3-1ubuntu18 | UNKNOWN |
| Ubuntu | 10.10 | noarch | libvirt-dev | < 0.8.3-1ubuntu18 | UNKNOWN |
| Ubuntu | 10.10 | noarch | libvirt0-dbg | < 0.8.3-1ubuntu18 | UNKNOWN |
| Ubuntu | 10.10 | noarch | python-libvirt | < 0.8.3-1ubuntu18 | UNKNOWN |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:S/C:C/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
89.5%