oss-sec mailing list archives

Re: CVE request: libvirt: several API calls do not honour read-only connection

From: Josh Bressers <bressers () redhat com>
Date: Thu, 10 Mar 2011 15:04:35 -0500 (EST)



----- Original Message -----

"It has been found that several libvirt API calls
(virNodeDeviceDettach,
virNodeDeviceReset, virDomainRevertToSnapshot,
virDomainSnapshotDelete) did not
honour read-only connection. Remote attacker could use this flaw to
crash the
host server (DoS)."

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=683650


This should only need one ID.

Please use CVE-2011-1146

Thanks.

-- 
    JB

Current thread:

CVE request: libvirt: several API calls do not honour read-only connection Petr Matousek (Mar 09)
- Re: CVE request: libvirt: several API calls do not honour read-only connection Josh Bressers (Mar 10)