CVE-2013-4401

Severity

85%

Complexity

68%

Confidentiality

165%

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.

CVSS 2.0 Base Score 8.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C).

Overview

Type

Red Hat libvirt

First reported 11 years ago

2013-11-02 18:55:00

Last updated 10 years ago

2015-01-02 16:30:00

Affected Software

Red Hat libvirt 1.1.0

1.1.0

Red Hat libvirt 1.1.1

1.1.1

Red Hat libvirt 1.1.2

1.1.2

Red Hat libvirt 1.1.3

1.1.3

References

http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c

Patch

55210

Vendor Advisory

60895

GLSA-201412-04

http://wiki.libvirt.org/page/Maintenance_Releases

1029241

USN-2026-1

https://bugzilla.redhat.com/show_bug.cgi?id=1015259

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.