Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2178

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2011-2178
Last Modified 02 Aug 2012 12:00:00
Published 10 Aug 2011 04:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-2178

Summary

The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.

Vulnerable Systems

Application

  • Redhat Libvirt 0.8.8

  • Redhat Libvirt 0.9.0

  • Redhat Libvirt 0.9.1


References

MLIST - [libvirt] 20110531 [PATCH] security: plug regression introduced in disk probe logic

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=709769

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=709775

UBUNTU - USN-1152-1

CONFIRM - http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html

SUSE - openSUSE-SU-2011:0643

FEDORA - FEDORA-2011-9091

CONFIRM - http://libvirt.org/news.html


Last Updated: 27 May 2016 10:56:57