Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0236

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2015-0236
Last Modified 31 Mar 2015 10:00:08
Published 29 Jan 2015 10:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2015-0236

Summary

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

Vulnerable Systems

Application

  • Redhat Libvirt 1.2.0

  • Redhat Libvirt 1.2.1

  • Redhat Libvirt 1.2.10

  • Redhat Libvirt 1.2.11

  • Redhat Libvirt 1.2.2

  • Redhat Libvirt 1.2.3

  • Redhat Libvirt 1.2.4

  • Redhat Libvirt 1.2.5

  • Redhat Libvirt 1.2.6

  • Redhat Libvirt 1.2.7

  • Redhat Libvirt 1.2.8

  • Redhat Libvirt 1.2.9


References

CONFIRM - http://security.libvirt.org/2015/0001.html

SECUNIA - 62766

SUSE - openSUSE-SU-2015:0225

REDHAT - RHSA-2015:0323

MANDRIVA - MDVSA-2015:035

CONFIRM - http://advisories.mageia.org/MGASA-2015-0046.html

MANDRIVA - MDVSA-2015:070


Last Updated: 27 May 2016 11:07:40