Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-5086

Published: 19 December 2008

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.

From the Ubuntu Security Team

It was discovered that libvirt did not mark certain operations as read-only. A local attacker may be able to perform privileged actions such as migrating virtual machines, adjusting autostart flags, or accessing privileged data in the virtual machine memory and disks.

Notes

AuthorNote
jdstrand 
should also be fixed in 0.5.1-4 in Debian experimental

Priority

Medium

Status

Package Release Status
libvirt
Launchpad, Ubuntu, Debian 		dapper Does not exist

gutsy
Released (0.3.0-0ubuntu2.1)
hardy
Released (0.4.0-2ubuntu8.1)
intrepid
Released (0.4.4-3ubuntu3.1)
upstream
Released (0.4.6-10)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading