Your submission was sent successfully! Close

CVE-2008-5086

Published: 19 December 2008

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.

From the Ubuntu security team

It was discovered that libvirt did not mark certain operations as read-only. A local attacker may be able to perform privileged actions such as migrating virtual machines, adjusting autostart flags, or accessing privileged data in the virtual machine memory and disks.

Priority

Medium

Status

Package Release Status
libvirt
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy
Released (0.3.0-0ubuntu2.1)
hardy
Released (0.4.0-2ubuntu8.1)
intrepid
Released (0.4.4-3ubuntu3.1)
upstream
Released (0.4.6-10)