exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2019-10161

Status Candidate

Overview

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Related Files

Gentoo Linux Security Advisory 202003-18
Posted Mar 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-18 - Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands. Versions less than 5.4.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
SHA-256 | cedaf4f1a761cf19ece3a39f24ef8321eeb2ff4008e95f9a63478a8c4ce1b8b7
Ubuntu Security Notice USN-4047-2
Posted Jan 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4047-2 - USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthias Gerstner and J

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-10161
SHA-256 | aecdb81129825f72035a13cde71a406ded86fa29703505d963a4c16e44ccf1a3
Red Hat Security Advisory 2019-1762-01
Posted Jul 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1762-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An arbitrary file read/execution vulnerability was addressed.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
SHA-256 | e8303f999782435934c2039cd0eaae49aa372e2868245b3abd19e9fed04dc28a
Ubuntu Security Notice USN-4047-1
Posted Jul 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4047-1 - Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-10161
SHA-256 | 4df3a03128510685c75a01285779eb3bb0e81072baf876310ecf43fc1895d5a2
Red Hat Security Advisory 2019-1699-01
Posted Jul 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1699-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
SHA-256 | d22eb754fb8254f68a8d336dc7f00edae903b9adbc16438840fac6e3bedc813f
Debian Security Advisory 4469-1
Posted Jun 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4469-1 - Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-10161, CVE-2019-10167
SHA-256 | f317c18ff7cf94b2090ee036440e15b8ca405088d3e480e1e607c181d98807a0
Red Hat Security Advisory 2019-1580-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1580-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
SHA-256 | d64cc56e08dc53f31c705bb755468d2fe24eff552c6255d61cbb86dece94ee74
Red Hat Security Advisory 2019-1579-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1579-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
SHA-256 | 594a401bf55320cc5b0337c5cd2f58c3d365f4bd2223c804361aadef194de412
Red Hat Security Advisory 2019-1578-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1578-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Arbitrary file read and write issues were addressed.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2019-10161
SHA-256 | 8149a62042a04b275e57527ecd68e31ab83e11f0191cbf416717b6c503974b53
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close