Upstream information
Description
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 7.2 |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
SUSE Security Advisories:
- SUSE-SR:2009:004, published Tue, 17 Feb 2009 10:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libvirt-devel-1.2.5-3.76 |
SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA libvirt-0.7.6-1.9.8 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA libvirt-0.9.6-0.13.42 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA libvirt-1.0.5.1-0.7.10 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA libvirt-1.2.5-3.76 SUSE Linux Enterprise Software Development Kit 11 SP4 GA libvirt-devel-1.2.5-3.76 |
SUSE Linux Micro 6.0 |
| Patchnames: SUSE Linux Micro 6.0 GA libvirt-client-10.0.0-2.1 |
SUSE Linux Micro 6.1 |
| Patchnames: SUSE Linux Micro 6.1 GA libvirt-client-10.0.0-slfo.1.1_1.1 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-11008 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 06:35:54 2013CVE page last modified: Tue Dec 17 16:13:28 2024