what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Ubuntu Security Notice 1008-2
Posted Oct 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1008-2 - Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to 'raw' when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the 'format=' option when specifying a disk. Original advisory notes that it was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.

tags | advisory, arbitrary
systems | linux, ubuntu
MD5 | a3abfa77d3f4af0f67ad5aec2b7c560c
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
No, You Don't Need A Burner Phone At A Hacking Conference
Posted Jul 18, 2019

tags | headline, hacker, privacy, phone, conference
Unofficial Telegram App Secretly Loads Malicious Sites
Posted Jul 17, 2019

tags | headline, malware, phone
Bluetooth Exploit Can Track And Identify Mobile Device Users
Posted Jul 17, 2019

tags | headline, privacy, wireless, spyware
Elon Musk Reveals Brain Hacking Plans
Posted Jul 17, 2019

tags | headline, hacker, science
JetBlue Bomb Scare Set Off With Apple AirDrop
Posted Jul 17, 2019

tags | headline, apple, terror
MyDashWallet Compromised For Two Months, Wallet Keys Taken
Posted Jul 16, 2019

tags | headline, cybercrime, data loss, fraud, cryptography
Office 365 Declared Illegal In German Schools Due To Privacy Risks
Posted Jul 16, 2019

tags | headline, government, privacy, microsoft, flaw, germany
Amadeus Airline Check-In Bug Exposed Boarding Passes
Posted Jul 16, 2019

tags | headline, privacy, data loss, spyware, terror
Sprint Says Hackers Breached Customer Accounts Via Samsung Website
Posted Jul 16, 2019

tags | headline, hacker, privacy, phone, data loss, samsung
Bitcoin Drops 10 Percent As Scrutiny Grows
Posted Jul 15, 2019

tags | headline, bank, cryptography
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close