Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23568

HistoryApr 10, 2020 - 12:30 a.m.

Privilege Escalation

2020-04-1000:30:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

EPSS

0

Percentile

10.1%

libvirt is vulnerable to privilege escalation. The vulnerability exists as the libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections.

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

osvdb.org/50919

secunia.com/advisories/33198

secunia.com/advisories/33217

secunia.com/advisories/33292

secunia.com/advisories/34397

www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html

www.redhat.com/support/errata/RHSA-2009-0382.html

www.securityfocus.com/bid/32905

www.ubuntu.com/usn/usn-694-1

access.redhat.com/errata/RHSA-2009:0382

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=476560

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8765

www.redhat.com/archives/libvir-list/2008-December/msg00522.html

EPSS

0

Percentile

10.1%

Related for VERACODE:23568

openvas13 nessus10 securityvulns2 fedora2 ubuntucve2 cve2 nvd2 debiancve2 prion2 ubuntu1 cvelist2 redhat1 oraclelinux1