Red Hat Bugzilla – Bug 683650
CVE-2011-1146 libvirt: several API calls do not honour read-only connection
Last modified: 2013-04-15 17:48:32 EDT
Description of problem:
It has been found that several libvirt API calls (virNodeDeviceDettach, virNodeDeviceReset, virNodeDeviceReAttach, virDomainRevertToSnapshot, virDomainSnapshotDelete and virConnectDomainXMLToNative) did not honour read-only connection. Local attacker could use this flaw to crash the server (DoS) or possibly escalate his privileges.
Created libvirt tracking bugs for this issue
Affects: fedora-all [bug 683655]
Should virNodeDeviceReAttach also be added to the list?
(In reply to comment #4)
> Should virNodeDeviceReAttach also be added to the list?
Yes, I omitted it by mistake. Thanks Jim.
Also added virConnectDomainXMLToNative() after a full review and commited
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:0391 https://rhn.redhat.com/errata/RHSA-2011-0391.html