CVE-2008-5086
Published: 19 December 2008
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
From the Ubuntu Security Team
It was discovered that libvirt did not mark certain operations as read-only. A local attacker may be able to perform privileged actions such as migrating virtual machines, adjusting autostart flags, or accessing privileged data in the virtual machine memory and disks.
Notes
| Author | Note |
|---|---|
| jdstrand | should also be fixed in 0.5.1-4 in Debian experimental |