CVE-2013-4401
Published: 2 November 2013
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 1.1.0 |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
(1.0.2-0ubuntu11.13.04.4)
|
|
saucy |
Released
(1.1.1-0ubuntu8.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c |