what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2019-10161

Status Candidate

Overview

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Related Files

Gentoo Linux Security Advisory 202003-18
Posted Mar 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-18 - Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands. Versions less than 5.4.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
MD5 | 91a1f9854cf3d4a88dc794b3cf930096
Ubuntu Security Notice USN-4047-2
Posted Jan 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4047-2 - USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthias Gerstner and J

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-10161
MD5 | 5c0cf3b857919078bd5bd13419eb3f7d
Red Hat Security Advisory 2019-1762-01
Posted Jul 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1762-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An arbitrary file read/execution vulnerability was addressed.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
MD5 | e0b1a1c7d0875a0dcb56e2bf48d61d44
Ubuntu Security Notice USN-4047-1
Posted Jul 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4047-1 - Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-10161
MD5 | 958c7958a85b06e378fab329bef5e1ea
Red Hat Security Advisory 2019-1699-01
Posted Jul 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1699-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
MD5 | 8a5ffed193127d301f910a707c542c6b
Debian Security Advisory 4469-1
Posted Jun 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4469-1 - Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-10161, CVE-2019-10167
MD5 | 112429be2cb9aff9f7f6af408bbabcfe
Red Hat Security Advisory 2019-1580-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1580-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
MD5 | c544da2f8133a94769eee7bb4f5d9abe
Red Hat Security Advisory 2019-1579-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1579-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
MD5 | 812b2ff0c246048ad5d02c7b41b34b57
Red Hat Security Advisory 2019-1578-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1578-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Arbitrary file read and write issues were addressed.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2019-10161
MD5 | 6300b73ce5212fb867f46b80b737d8bc
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close