Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24137

HistoryApr 10, 2020 - 12:47 a.m.

Information Disclosure

2020-04-1000:47:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

EPSS

0.001

Percentile

26.4%

libvirt is vulnerable to information disclosure. It was found that libvirt created insecure iptables rules on the host when a guest system was configured for IP masquerading, allowing the guest to use privileged ports on the host when accessing network resources. A privileged guest user could use this flaw to access network resources that would otherwise not be accessible to the guest.

References

libvirt.org/news.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

ubuntu.com/usn/usn-1008-1

ubuntu.com/usn/usn-1008-2

ubuntu.com/usn/usn-1008-3

www.redhat.com/security/updates/classification/#low

www.redhat.com/support/errata/RHSA-2010-0615.html

www.vupen.com/english/advisories/2010/2062

www.vupen.com/english/advisories/2010/2763

access.redhat.com/errata/RHSA-2010:0615

bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943

bugzilla.redhat.com/show_bug.cgi?id=602455

EPSS

0.001

Percentile

26.4%

Related for VERACODE:24137

debiancve1 cvelist1 ubuntucve1 nessus16 prion1 cve1 nvd1 oraclelinux1 openvas15 redhat1 centos1 fedora2 ubuntu4 securityvulns2