vulnerability
Oracle Linux: (CVE-2015-5313) ELSA-2016-2577: libvirt security, bug fix, and enhancement update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:N/C:N/I:P/A:N) | 2016-04-11 | 2016-11-09 | 2024-08-06 |
Severity
2
CVSS
(AV:L/AC:M/Au:N/C:N/I:P/A:N)
Published
2016-04-11
Added
2016-11-09
Modified
2024-08-06
Description
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Solution(s)
oracle-linux-upgrade-libvirtoracle-linux-upgrade-libvirt-clientoracle-linux-upgrade-libvirt-daemonoracle-linux-upgrade-libvirt-daemon-config-networkoracle-linux-upgrade-libvirt-daemon-config-nwfilteroracle-linux-upgrade-libvirt-daemon-driver-interfaceoracle-linux-upgrade-libvirt-daemon-driver-lxcoracle-linux-upgrade-libvirt-daemon-driver-networkoracle-linux-upgrade-libvirt-daemon-driver-nodedevoracle-linux-upgrade-libvirt-daemon-driver-nwfilteroracle-linux-upgrade-libvirt-daemon-driver-qemuoracle-linux-upgrade-libvirt-daemon-driver-secretoracle-linux-upgrade-libvirt-daemon-driver-storageoracle-linux-upgrade-libvirt-daemon-kvmoracle-linux-upgrade-libvirt-daemon-lxcoracle-linux-upgrade-libvirt-develoracle-linux-upgrade-libvirt-docsoracle-linux-upgrade-libvirt-lock-sanlockoracle-linux-upgrade-libvirt-login-shelloracle-linux-upgrade-libvirt-nss
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.