CVE-2011-2178

Related Files

Gentoo Linux Security Advisory 201202-07

Posted Feb 28, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201202-7 - Multiple vulnerabilities were found in libvirt, the worst of which might allow guest OS users to read arbitrary files on the host OS. Versions less than 0.9.3-r1 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2011-1146, CVE-2011-1486, CVE-2011-2178, CVE-2011-2511

SHA-256 | 174a3477cdb83676abe9282ccb2195b63c18c5ee3d51f67ae0d74c3aeffc9587

Download | Favorite | View

Ubuntu Security Notice USN-1152-1

Posted Jun 16, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1152-1 - It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix for CVE-2010-2238. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 11.04. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2011-1486, CVE-2011-2178

SHA-256 | 3cbf89bdc62c18839c600f7eb78579d9d936f562297bd8a52e5131244fa6abd7

Download | Favorite | View