Showing 1 - 6 of 6

CVE-2019-10167

Status Candidate

Overview

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Related Files

Gentoo Linux Security Advisory 202003-18: Posted Mar 15, 2020; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202003-18 - Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands. Versions less than 5.4.1 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168; SHA-256 | cedaf4f1a761cf19ece3a39f24ef8321eeb2ff4008e95f9a63478a8c4ce1b8b7; Download | Favorite | View

Red Hat Security Advisory 2019-1762-01: Posted Jul 11, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-1762-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An arbitrary file read/execution vulnerability was addressed.; tags | advisory, arbitrary; systems | linux, redhat; advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168; SHA-256 | e8303f999782435934c2039cd0eaae49aa372e2868245b3abd19e9fed04dc28a; Download | Favorite | View

Red Hat Security Advisory 2019-1699-01: Posted Jul 8, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-1699-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479; SHA-256 | d22eb754fb8254f68a8d336dc7f00edae903b9adbc16438840fac6e3bedc813f; Download | Favorite | View

Debian Security Advisory 4469-1: Posted Jun 22, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4469-1 - Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API.; tags | advisory, arbitrary, vulnerability; systems | linux, debian; advisories | CVE-2019-10161, CVE-2019-10167; SHA-256 | f317c18ff7cf94b2090ee036440e15b8ca405088d3e480e1e607c181d98807a0; Download | Favorite | View

Red Hat Security Advisory 2019-1580-01: Posted Jun 20, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-1580-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.; tags | advisory, vulnerability; systems | linux, redhat; advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168; SHA-256 | d64cc56e08dc53f31c705bb755468d2fe24eff552c6255d61cbb86dece94ee74; Download | Favorite | View

Red Hat Security Advisory 2019-1579-01: Posted Jun 20, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-1579-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.; tags | advisory, vulnerability; systems | linux, redhat; advisories | CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168; SHA-256 | 594a401bf55320cc5b0337c5cd2f58c3d365f4bd2223c804361aadef194de412; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2019-10167

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems