Red Hat Bugzilla – Bug 1015259
CVE-2013-4401 libvirt: unintended API access due to incorrect permissions checks
Last modified: 2015-10-15 14:02:10 EDT
A flaw was found in libvirt where libvirtd could crash due to how XML was parsed . With the introduction of ACL permissions in libvirt 1.1.0, this flaw could be manipulated to allow a remote user with connect:read privileges to elevate them to the more permissive domain:write privilege.
This vulnerability was introduced in libvirt 1.1.0.
This issue did not affect the versions of libvirt package as shipped with Red Hat Enterprise Linux 5 and 6.