oss-sec mailing list archives
CVE request: libvirt: several API calls do not honour read-only connection
From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 9 Mar 2011 18:37:02 -0500 (EST)
"It has been found that several libvirt API calls (virNodeDeviceDettach, virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did not honour read-only connection. Remote attacker could use this flaw to crash the host server (DoS)." Reference: https://bugzilla.redhat.com/show_bug.cgi?id=683650 Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE request: libvirt: several API calls do not honour read-only connection Petr Matousek (Mar 09)
- Re: CVE request: libvirt: several API calls do not honour read-only connection Josh Bressers (Mar 10)