CVE-2011-2178

Severity

44%

Complexity

27%

Confidentiality

115%

The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.

The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:S/C:C/I:N/A:N).

Overview

Type

Red Hat libvirt

First reported 13 years ago

2011-08-10 20:55:00

Last updated 12 years ago

2012-08-02 04:00:00

Affected Software

Red Hat libvirt 0.8.8

0.8.8

Red Hat libvirt 0.9.0

0.9.0

Red Hat libvirt 0.9.1

0.9.1

References

http://libvirt.org/news.html

FEDORA-2011-9091

openSUSE-SU-2011:0643

http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html

USN-1152-1

https://bugzilla.redhat.com/show_bug.cgi?id=709769

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=709775

[libvirt] 20110531 [PATCH] security: plug regression introduced in disk probe logic

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.