CVE Vulnerabilities

CVE-2008-5086

Published: Dec 19, 2008 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
3.6 MODERATE
AV:L/AC:L/Au:N/C:P/I:N/A:P
RedHat/V3
Ubuntu

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.

Affected Software

Name Vendor Start Version End Version
Libvirt Libvirt 0.3.2 0.3.2
Libvirt Libvirt 0.3.3 0.3.3
Libvirt Libvirt 0.4.1 0.4.1
Libvirt Libvirt 0.4.2 0.4.2
Libvirt Libvirt 0.4.6 0.4.6
Libvirt Libvirt 0.5.0 0.5.0
Libvirt Libvirt 0.5.1 0.5.1
Red Hat Enterprise Linux 5 RedHat libvirt-0:0.3.3-14.el5_3.1 *
Libvirt Ubuntu devel *
Libvirt Ubuntu gutsy *
Libvirt Ubuntu hardy *
Libvirt Ubuntu intrepid *
Libvirt Ubuntu upstream *

References