libvirt is vulnerable to privilege escalation. The libvirtd daemon does not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections.
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
osvdb.org/50919
secunia.com/advisories/33198
secunia.com/advisories/33217
secunia.com/advisories/33292
secunia.com/advisories/34397
www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html
www.redhat.com/support/errata/RHSA-2009-0382.html
www.securityfocus.com/bid/32905
www.ubuntu.com/usn/usn-694-1
access.redhat.com/errata/RHSA-2009:0382
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=476560
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8765
www.redhat.com/archives/libvir-list/2008-December/msg00522.html
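
The flaw class described above, a privileged action dispatched without consulting the connection's read-only state, as a small C model beside its hardened form. This is an added illustration, not libvirt code or its patch; the connection flag, operation table and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not libvirt code: all names below are assumptions. */
enum { CONN_RO = 1 };                       /* connection opened read-only */
enum { OP_OK = 0, OP_DENIED = -1, OP_UNKNOWN = -2 };
struct conn { unsigned flags; };
struct op { const char *name; int needs_write; };  /* needs_write: changes state */

/* Constructed operation table; "migrate" stands in for the privileged action. */
static const struct op ops[] = {
    { "list_domains", 0 }, { "get_info", 0 }, { "migrate", 1 }, { "set_autostart", 1 },
};
#define N_OPS (sizeof ops / sizeof ops[0])

static const struct op *find_op(const char *name) {
    for (size_t i = 0; i < N_OPS; i++)
        if (strcmp(ops[i].name, name) == 0) return &ops[i];
    return NULL;
}

/* Flawed: the handler would run without the connection mode being consulted. */
int dispatch_unchecked(const struct conn *c, const char *name) {
    (void)c;
    return find_op(name) ? OP_OK : OP_UNKNOWN;
}

/* Hardened: one choke point refuses state-changing ops on read-only connections. */
int dispatch_checked(const struct conn *c, const char *name) {
    const struct op *o = find_op(name);
    if (!o) return OP_UNKNOWN;
    if (o->needs_write && (c->flags & CONN_RO)) return OP_DENIED;
    return OP_OK;
}

/* Regression check: count state-changing ops that succeed on a read-only connection. */
int count_ro_violations(int (*dispatch)(const struct conn *, const char *)) {
    struct conn ro = { CONN_RO };
    int n = 0;
    for (size_t i = 0; i < N_OPS; i++)
        if (ops[i].needs_write && dispatch(&ro, ops[i].name) == OP_OK) n++;
    return n;
}

int main(void) {
    printf("unchecked: %d violations\n", count_ro_violations(dispatch_unchecked));
    printf("checked:   %d violations\n", count_ro_violations(dispatch_checked));
    return 0;
}
```

Running the regression check over every entry in the operation table, rather than testing handlers one by one, is what catches a newly added state-changing operation that was never gated.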