oss-sec mailing list archives

CVE request: libvirt: several API calls do not honour read-only connection

From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 9 Mar 2011 18:37:02 -0500 (EST)

"It has been found that several libvirt API calls (virNodeDeviceDettach,
virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did not
honour read-only connection. Remote attacker could use this flaw to crash the
host server (DoS)."

Reference: 
https://bugzilla.redhat.com/show_bug.cgi?id=683650

Thanks,
--
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE request: libvirt: several API calls do not honour read-only connection Petr Matousek (Mar 09)
- Re: CVE request: libvirt: several API calls do not honour read-only connection Josh Bressers (Mar 10)