
CVE-2013-6456

Status Candidate

Overview

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.

Related Files

Mandriva Linux Security Advisory 2015-115
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-115 - The LXC driver in libvirt 1.0.1 through 1.2.1 allows local users to delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc//root and the virInitctlSetRunLevel function. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2013-6456, CVE-2014-0179, CVE-2014-3633, CVE-2014-3657, CVE-2014-7823, CVE-2014-8136, CVE-2015-0236
SHA-256 | 6ae8444cee405a1fa17b4071c1f7b85b191e5b4db7e6d53ab6a0a1a1d4adf05d

Gentoo Linux Security Advisory 201412-04
Posted Dec 8, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-4 - Multiple vulnerabilities have been found in libvirt, worst of which allows context-dependent attackers to escalate privileges. Versions less than 1.2.9-r2 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2013-4292, CVE-2013-4296, CVE-2013-4297, CVE-2013-4399, CVE-2013-4400, CVE-2013-4401, CVE-2013-5651, CVE-2013-6436, CVE-2013-6456, CVE-2013-6457, CVE-2013-6458, CVE-2013-7336, CVE-2014-0028, CVE-2014-0179, CVE-2014-1447, CVE-2014-3633, CVE-2014-5177, CVE-2014-7823
SHA-256 | 04c111d3cb8f6077f1f1c216f9e56106ab6e31444d537f25d03e8ab04ca85eb1

Mandriva Linux Security Advisory 2014-097
Posted May 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-097 - The LXC driver in libvirt 1.0.1 through 1.2.1 allows local users to delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc//root and the virInitctlSetRunLevel function. libvirt was patched to prevent expansion of entities when parsing XML files. This vulnerability allowed malicious users to read arbitrary files or cause a denial of service. The updated packages have been upgraded to the 1.1.3.5 version and patched to correct these issues.

tags | advisory, denial of service, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2013-6456, CVE-2014-0179
SHA-256 | ed55160db0091a2f3521eb28085c1855960ad5f1a486378894808978a59d4533

Ubuntu Security Notice USN-2209-1
Posted May 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2209-1 - It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6456, CVE-2013-7336
SHA-256 | 8939815c2944317f51d9cd1820cc2d58ddf2132fb2a7e08c06d91e8d4d7d1a0a