CVE-2011-1146

Severity

69%

Complexity

34%

Confidentiality

165%

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 13 years ago

2011-03-15 17:55:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

Red Hat libvirt 0.8.8

0.8.8

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773

Patch

http://libvirt.org/git/?p=libvirt.git;a=commit;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3

Patch

FEDORA-2011-3286

openSUSE-SU-2011:0311

[oss-security] 20110309 CVE request: libvirt: several API calls do not honour read-only connection

Patch

[oss-security] 20110310 Re: CVE request: libvirt: several API calls do not honour read-only connection

Patch

43670

Vendor Advisory

43780

43897

43917

44069

DSA-2194

RHSA-2011:0391

46820

1025262

USN-1094-1

ADV-2011-0694

ADV-2011-0700

ADV-2011-0794

ADV-2011-0805

https://bugzilla.novell.com/show_bug.cgi?id=678406

https://bugzilla.redhat.com/show_bug.cgi?id=683650

Patch

libvirt-apicalls-dos(66012)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.