vulnerability

Red Hat: CVE-2015-5313: Moderate: libvirt security, bug fix, and enhancement update (RHSA-2016:2577)

Try Surface Command
Back to search
Severity
2
CVSS
(AV:L/AC:M/Au:N/C:N/I:P/A:N)
Published
2016-04-11
Added
2016-11-04
Modified
2018-01-17

Description

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

Solution(s)

redhat-upgrade-libvirtredhat-upgrade-libvirt-clientredhat-upgrade-libvirt-daemonredhat-upgrade-libvirt-daemon-config-networkredhat-upgrade-libvirt-daemon-config-nwfilterredhat-upgrade-libvirt-daemon-driver-interfaceredhat-upgrade-libvirt-daemon-driver-lxcredhat-upgrade-libvirt-daemon-driver-networkredhat-upgrade-libvirt-daemon-driver-nodedevredhat-upgrade-libvirt-daemon-driver-nwfilterredhat-upgrade-libvirt-daemon-driver-qemuredhat-upgrade-libvirt-daemon-driver-secretredhat-upgrade-libvirt-daemon-driver-storageredhat-upgrade-libvirt-daemon-kvmredhat-upgrade-libvirt-daemon-lxcredhat-upgrade-libvirt-debuginforedhat-upgrade-libvirt-develredhat-upgrade-libvirt-docsredhat-upgrade-libvirt-lock-sanlockredhat-upgrade-libvirt-login-shellredhat-upgrade-libvirt-nss

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today