libvirt security update
several API calls did not honor the read-only flag
connections. Attackers could exploit that to modify the
state of the system or potentially execute code
(CVE-2011-1146).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4164
Fixed bugs
bnc#678406
VUL-0: libvirt: several API calls do not honour read-only connection
CVE#CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2
