Page 8 of 37 results (0.016 seconds)

CVSS: 2.1EPSS: 0%CPEs: 33EXPL: 0

Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. Red Hat libvirt v0.2.0 hasta v0.8.2 crea reglas de iptable con asignaciones inadecuadas de puertos de origen privilegiados, lo que permite a usuarios invitados del SO evitar las restricciones de acceso establecidas aprovechando los valores de dirección IP y puerto-origen, como se ha demostrado copiando y eliminando un arbol de ficheros NFS. • http://libvirt.org/news.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://ubuntu.com/usn/usn-1008-1 http://ubuntu.com/usn/usn-1008-2 http://ubuntu.com/usn/usn-1008-3 http://www.redhat.com/support/errata/RHSA-2010-0615.html http://www.vupen.com/english/advisories/2010/2062 http • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions. Múltiples métodos en libvirt 0.3.2 a 0.5.1 no comprueban si una conexión es de sólo lectura, lo que permite a usuarios locales eludir restricciones de acceso y realizar acciones administrativas. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://osvdb.org/50919 http://secunia.com/advisories/33198 http://secunia.com/advisories/33217 http://secunia.com/advisories/33292 http://secunia.com/advisories/34397 http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.html http://www.redhat.com/support/errata/RHSA-2009-0382.html http://www.securityfocus.com/bid/32905 http://www.ubuntu.com/usn/usn-694-1 https://bugzilla.r •