CVE-2014-0028
Published: 24 January 2014
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 1.1.1 |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Released
(1.1.1-0ubuntu8.5)
|
|
upstream |
Released
(1.2.1)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9f56340539d609cdc2e9d4ab812b9f146c3f100 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=1d0e4fbf9572ad34045a4f9d87601297a5244c38 (1.1.1) |