Executive Summary

Information
Name : CVE-2019-10161
First vendor Publication : 2019-07-30
Vendor : Cve
Last vendor Modification : 2019-10-09

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 7.2
Cvss Impact Score : 10
Cvss Exploit Score : 3.9
Attack Range : Local
Attack Complexity : Low
Authentication : None Required

Detail

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161

CWE : Common Weakness Enumeration

CWE-284 : Access Control (Authorization) Issues (100 %)

CPE : Common Platform Enumeration

Type : Os
Count : 3

Sources (Detail)

CONFIRM : https://access.redhat.com/libvirt-privesc-vulnerabilities
CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161
CONFIRM : https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16...

Alert History

Date / Information
2019-10-10 05:20:52
  • Multiple Updates
2019-08-08 21:19:46
  • Multiple Updates
2019-07-31 17:19:10
  • Multiple Updates
2019-07-31 05:19:25
  • First insertion