what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2019-10161

Status Candidate

Overview

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Related Files

Gentoo Linux Security Advisory 202003-18
Posted Mar 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-18 - Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands. Versions less than 5.4.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
SHA-256 | cedaf4f1a761cf19ece3a39f24ef8321eeb2ff4008e95f9a63478a8c4ce1b8b7
Ubuntu Security Notice USN-4047-2
Posted Jan 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4047-2 - USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthias Gerstner and J

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-10161
SHA-256 | aecdb81129825f72035a13cde71a406ded86fa29703505d963a4c16e44ccf1a3
Red Hat Security Advisory 2019-1762-01
Posted Jul 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1762-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An arbitrary file read/execution vulnerability was addressed.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
SHA-256 | e8303f999782435934c2039cd0eaae49aa372e2868245b3abd19e9fed04dc28a
Ubuntu Security Notice USN-4047-1
Posted Jul 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4047-1 - Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-10161
SHA-256 | 4df3a03128510685c75a01285779eb3bb0e81072baf876310ecf43fc1895d5a2
Red Hat Security Advisory 2019-1699-01
Posted Jul 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1699-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
SHA-256 | d22eb754fb8254f68a8d336dc7f00edae903b9adbc16438840fac6e3bedc813f
Debian Security Advisory 4469-1
Posted Jun 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4469-1 - Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-10161, CVE-2019-10167
SHA-256 | f317c18ff7cf94b2090ee036440e15b8ca405088d3e480e1e607c181d98807a0
Red Hat Security Advisory 2019-1580-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1580-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
SHA-256 | d64cc56e08dc53f31c705bb755468d2fe24eff552c6255d61cbb86dece94ee74
Red Hat Security Advisory 2019-1579-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1579-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
SHA-256 | 594a401bf55320cc5b0337c5cd2f58c3d365f4bd2223c804361aadef194de412
Red Hat Security Advisory 2019-1578-01
Posted Jun 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1578-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Arbitrary file read and write issues were addressed.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2019-10161
SHA-256 | 8149a62042a04b275e57527ecd68e31ab83e11f0191cbf416717b6c503974b53
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close