Wind River Support Network

HomeDefectsLIN6-8809
Fixed

LIN6-8809 : Security Advisory - libvirt - CVE-2013-4401

Created: Nov 25, 2014    Updated: Dec 3, 2018
Resolved Date: Nov 30, 2014
Previous ID: LIN4-31988
Found In Version: 6.0.0.15
Fix Version: 6.0.0.16
Severity: Severe
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

The virConnectDomainXMLToNative API function in libvirt 1.1.0 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML.  NOTE: some of these details are obtained from third party information.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4401

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube