libvirt is vulnerable to arbitrary code execution. The vulnerability exists as libvirt_proxy, a setuid helper application allowing non-privileged users to communicate with the hypervisor, was discovered to not properly validate user requests. Local users could use this flaw to cause a stack-based buffer overflow in libvirt_proxy, possibly allowing them to run arbitrary code with root privileges.
git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28
git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28
openwall.com/lists/oss-security/2009/02/10/8
secunia.com/advisories/34397
www.redhat.com/support/errata/RHSA-2009-0382.html
www.securityfocus.com/bid/33724
access.redhat.com/errata/RHSA-2009:0382
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=484947
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127
www.redhat.com/archives/libvir-list/2009-January/msg00699.html
www.redhat.com/archives/libvir-list/2009-January/msg00726.html
www.redhat.com/archives/libvir-list/2009-January/msg00728.html