The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:16
Type | Values Removed | Values Added |
---|---|---|
Summary | The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. |
Information
Published : 2013-11-02 18:55
Updated : 2024-02-28 12:00
NVD link : CVE-2013-4401
Mitre link : CVE-2013-4401
CVE.ORG link : CVE-2013-4401
JSON object : View
Products Affected
redhat
- libvirt
CWE
CWE-264
Permissions, Privileges, and Access Controls