CVE-2014-7823
Published: 5 November 2014
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
Notes
| Author | Note |
|---|---|
| mdeslaur | introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=28f8dfdcccd4c0f69063ef741545b37d8a7f7935 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libvirt Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| lucid |
Not vulnerable
(0.7.5-5ubuntu27.24)
|
|
| precise |
Not vulnerable
(0.9.8-2ubuntu17.20)
|
|
| trusty |
Released
(1.2.2-0ubuntu13.1.7)
|
|
| utopic |
Released
(1.2.8-0ubuntu11.1)
|
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b |
||