CVE-2019-10161

EPSS 0.07%
Published 30.07.2019 23:15:12
Last modified 21.11.2024 04:18:32
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Affected products Warnungen 0 Metrics 4 CWE 3 References 8

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Libvirt Version < 4.10.1

Redhat ≫ Libvirt Version >= 5.0.0 < 5.4.1

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Virtualization Version4.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Virtualization Host Version4.0

Redhat ≫ Enterprise Linux Version7.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.192

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
secalert@redhat.com	8.8	2	6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://access.redhat.com/libvirt-privesc-vulnerabilities

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161

Patch

Third Party Advisory

Issue Tracking

https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580

https://security.gentoo.org/glsa/202003-18