CVE Vulnerabilities

CVE-2013-4291

Published: Sep 30, 2013 | Modified: Oct 01, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
1.9 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

Affected Software

Name Vendor Start Version End Version
Libvirt Redhat 0.10.2.7 0.10.2.7
Libvirt Redhat 1.0.5.5 1.0.5.5
Libvirt Redhat 1.1.1 1.1.1
Libvirt Ubuntu devel *
Libvirt Ubuntu upstream *

References