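Vulnerability Details
libvirt Local Security Bypass Vulnerability
- CNNVD ID: CNNVD-200812-372
- Severity: Low
- CVE ID: CVE-2008-5086
- Vulnerability type: Design error
- Published: 2008-12-19
- Threat type: Local
- Updated: 2009-04-02
- Vendor: libvirt
- Source: Ubuntu
Vulnerability Summary
libvirt is a free, open-source C library that supports the mainstream virtualization tools on Linux. Multiple methods in libvirt 0.3.2 through 0.5.1 do not check whether a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative operations.
Vulnerability Advisory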
The vendor has released updated packages that fix this security issue. Patch download links:
Ubuntu Linux 7.10 i386
- libvirt-bin_0.3.0-0ubuntu2.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/libvirt-bin_0.3.0-0ubuntu2.1_i386.deb
- libvirt-dev_0.3.0-0ubuntu2.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.3.0-0ubuntu2.1_i386.deb
- libvirt0_0.3.0-0ubuntu2.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.3.0-0ubuntu2.1_i386.deb
- python-libvirt_0.3.0-0ubuntu2.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/python-libvirt_0.3.0-0ubuntu2.1_i386.deb
Ubuntu Linux 8.10 lpia
- libvirt-bin_0.4.4-3ubuntu3.1_lpia.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_lpia.deb
- libvirt-dev_0.4.4-3ubuntu3.1_lpia.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_lpia.deb
- libvirt-doc_0.4.4-3ubuntu3.1_all.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.4-3ubuntu3.1_all.deb
- libvirt0-dbg_0.4.4-3ubuntu3.1_lpia.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_lpia.deb
- libvirt0_0.4.4-3ubuntu3.1_lpia.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_lpia.deb
- python-libvirt_0.4.4-3ubuntu3.1_lpia.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_lpia.deb
Ubuntu Linux 8.10 sparc
- libvirt-bin_0.4.4-3ubuntu3.1_sparc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_sparc.deb
- libvirt-dev_0.4.4-3ubuntu3.1_sparc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_sparc.deb
- libvirt-doc_0.4.4-3ubuntu3.1_all.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.4-3ubuntu3.1_all.deb
- libvirt0-dbg_0.4.4-3ubuntu3.1_sparc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_sparc.deb
- libvirt0_0.4.4-3ubuntu3.1_sparc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_sparc.deb
- python-libvirt_0.4.4-3ubuntu3.1_sparc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_sparc.deb
Ubuntu Linux 8.04 LTS powerpc
- libvirt-doc_0.4.0-2ubuntu8.1_all.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.0-2ubuntu8.1_all.deb
Ubuntu Linux 8.10 powerpc
- libvirt-bin_0.4.4-3ubuntu3.1_powerpc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_powerpc.deb
- libvirt-dev_0.4.4-3ubuntu3.1_powerpc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_powerpc.deb
- libvirt-doc_0.4.4-3ubuntu3.1_all.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.4-3ubuntu3.1_all.deb
- libvirt0-dbg_0.4.4-3ubuntu3.1_powerpc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_powerpc.deb
- libvirt0_0.4.4-3ubuntu3.1_powerpc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_powerpc.deb
- python-libvirt_0.4.4-3ubuntu3.1_powerpc.deb: http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_powerpc.deb
Ubuntu Linux 8.10 i386
- libvirt-bin_0.4.4-3ubuntu3.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_i386.deb
- libvirt-dev_0.4.4-3ubuntu3.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_i386.deb
- libvirt-doc_0.4.4-3ubuntu3.1_all.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.4-3ubuntu3.1_all.deb
- libvirt0-dbg_0.4.4-3ubuntu3.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_i386.deb
- libvirt0_0.4.4-3ubuntu3.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_i386.deb
- python-libvirt_0.4.4-3ubuntu3.1_i386.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_i386.deb
Ubuntu Linux 8.04 LTS sparc
- libvirt-doc_0.4.0-2ubuntu8.1_all.deb: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.0-2ubuntu8.1_all.deb
References
- Source: BID; Name: 32905; Link: http://www.securityfocus.com/bid/32905
- Source: MLIST; Name: [libvirt] 20081217 [SECURITY] PATCH: Fix missing read-only access checks (CVE-2008-5086); Link: https://www.redhat.com/archives/libvir-list/2008-December/msg00522.HTML
- Source: bugzilla.redhat.com; Link: https://bugzilla.redhat.com/show_bug.cgi?id=476560
- Source: UBUNTU; Name: USN-694-1; Link: http://www.ubuntu.com/usn/usn-694-1
- Source: REDHAT; Name: RHSA-2009:0382; Link: http://www.redhat.com/support/errata/RHSA-2009-0382.HTML
- Source: FEDORA; Name: FEDORA-2008-11433; Link: http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00938.HTML
- Source: SECUNIA; Name: 34397; Link: http://secunia.com/advisories/34397
- Source: SECUNIA; Name: 33292; Link: http://secunia.com/advisories/33292
- Source: SECUNIA; Name: 33217; Link: http://secunia.com/advisories/33217
- Source: SECUNIA; Name: 33198; Link: http://secunia.com/advisories/33198
- Source: OSVDB; Name: 50919; Link: http://osvdb.org/50919
- Source: SUSE; Name: SUSE-SR:2009:004; Link: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.HTML
Affected Entities
- Libvirt Libvirt:0.5.1
- Libvirt Libvirt:0.5.0
- Libvirt Libvirt:0.4.6
- Libvirt Libvirt:0.4.2
- Libvirt Libvirt:0.4.1
Patch
None available