oss-sec mailing list archives
Re: CVE request: libvirt: several API calls do not honour read-only connection
From: Josh Bressers <bressers () redhat com>
Date: Thu, 10 Mar 2011 15:04:35 -0500 (EST)
----- Original Message -----
"It has been found that several libvirt API calls (virNodeDeviceDettach, virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did not honour read-only connection. Remote attacker could use this flaw to crash the host server (DoS)." Reference: https://bugzilla.redhat.com/show_bug.cgi?id=683650
This should only need one ID. Please use CVE-2011-1146 Thanks. -- JB
Current thread:
- CVE request: libvirt: several API calls do not honour read-only connection Petr Matousek (Mar 09)
- Re: CVE request: libvirt: several API calls do not honour read-only connection Josh Bressers (Mar 10)