CVE-2010-2238
First published: Thu Jun 24 2010(Updated: )
It was found that libvirt did not extract the defined disk backing store format when recursing into disk image backing stores in the security drivers. This could be possibly exploited by priviledged guest user to access arbitrary files on the host.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libvirt | =0.7.2 | |
| libvirt | =0.7.3 | |
| libvirt | =0.7.4 | |
| libvirt | =0.7.5 | |
| libvirt | =0.7.6 | |
| libvirt | =0.7.7 | |
| libvirt | =0.8.0 | |
| libvirt | =0.8.1 | |
| libvirt | =0.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://libvirt.org/news.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
- https://bugzilla.redhat.com/show_bug.cgi?id=607811
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://ubuntu.com/usn/usn-1008-2
- http://ubuntu.com/usn/usn-1008-3
- http://ubuntu.com/usn/usn-1008-1
- http://www.vupen.com/english/advisories/2010/2763
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=613625
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2238
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/libvirt
- canonical/libvirt
- version/libvirt/0.7.2
- version/libvirt/0.7.3
- version/libvirt/0.7.4
- version/libvirt/0.7.5
- version/libvirt/0.7.6
- version/libvirt/0.7.7
- version/libvirt/0.8.0
- version/libvirt/0.8.1
- version/libvirt/0.8.2