CVE Reference: CVE-2013-4401

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-4401

Description:
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-2026-1

ST
  1029241

SAID
  Secunia Advisory: SA55210
  Secunia Advisory: SA60895

MISC

GENTOO
  http://security.gentoo.org/glsa/glsa-201412-04.xml

CONFIRM
  http://wiki.libvirt.org/page/Maintenance_Releases
  http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c


Return to the previous page.